Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 506 Reset

Trying to reset to factory defaults due forgeten password, keep get an error?

Any ideas why?


monitor> address


monitor> gateway


monitor> server


monitor> file np63.bin

file np63.bin

monitor> tftp

tftp np63.bin@ via

TFTP failed (return:-12 arg:0x0)

monitor> ping

Sending 5, 100-byte 0x3f29 ICMP Echoes to, timeout is 4 seconds:


Success rate is 100 percent (5/5)

monitor> inerface 1

Invalid or incorrect command. Use 'help' for help.

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:13 irq:11)

1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0004.9ad0.fd7f

monitor> trace

trace on

monitor> tftp

tftp np63.bin@ via<3><3><3><3><3><3><3><3><3><3>AAAAAAAAAAA<5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5><5

TFTP failed (return:-12 arg:0x0)



Re: PIX 506 Reset

In configuration mode:

configure factory-default

..Follow the on screen instructions...

Hope this helps, and please rate post if it does as it may help others too.


New Member

Re: PIX 506 Reset

How do you get into config mode whenyour locked out?


Re: PIX 506 Reset

Factory config looks like this:

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

no ip address outside

ip address inside

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

To erase the config use:

write erase


To your TFTP problem:

Have you downloaded the PIX OS Image in BINARY mode ?

Otherwise the image get corrupted.



New Member

Re: PIX 506 Reset

Hi ..

I understandyour second question on how to erase the config when you are locked out :-))) that is tricky.

So back to your problem:

- Are you 100% sure that the tftp server is working ?

can you test it withan tftp client from another pc ?

Otherwise I have no clue, since your commands are fine (very simple) ..


New Member

Re: PIX 506 Reset

TFTP was the issue had to use the following software and it work...

Followed the Cisco doc and reset the password...

Thanks guys..!

PS I tried FTP to/from IIS6 and a few other vendors..didn't work only the above did.

New Member

Re: PIX 506 Reset

I've ran into situations where I had to disable logging and progress tracking on the tftp server for the PiX to download properly in monitor mode.


Cisco Employee

Re: PIX 506 Reset

Make sure you use tftpd32 tftp server form:


Incase using windows-xp SP2, make sure you do not have windows firewall turned on and tftp server up and running and pointing to np63.bin file.

If your Pix is running 6.3 code then you can first try with else at times this dosen't work then you can use np62.bin to try with that.

make sure you do not have two different tftp servers installed/running on your system.

-Most important, i notice you using "gateway"; try avoiding gateway command while doing password recovery and make sure to connect the tftp server host directly to your pix inside interface. I'm sure this would fix the issue and recover the password for you.

Rahul Pathania


Re: PIX 506 Reset

just a suggestion of tftp server software.

it's a freeware and very user friendly, namely pumpkin.

Cisco Employee

Re: PIX 506 Reset

Yes, it is absolutely freeware and recommended by us.

New Member

Re: PIX 506 Reset

I will give it a try, but my favourite has till now been 3coms combined tftp/ftp/syslog program .. freeware and very small footprint :-)

Official version (not updated since 1999)

Unofficial version: