Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Re; PIX 506e Password Recovery

All I am in the process of recovering a lost password from a 506e that was on the shelf. I have seen documentation via the cco site but I don;t have the ip info for the box to be able to determine the interface ip's. How may I perrforma a paasword recovery via rmon mode?


Cisco Employee

Re: Re; PIX 506e Password Recovery


This link should be all you need

Password Recovery and AAA Configuration Recovery Procedure for the PIX

Hope this helps! If so, please rate.

New Member

Re: Re; PIX 506e Password Recovery

Since this unit does not have a floppy. I tried to connect my laptop via xover to the inside interface. I am unable to ping my system and the fw. I also have the file and tftp server running on my system. Thanks again! These were the recovery procedures I used before I posted. ;)


Cisco Employee

Re: Re; PIX 506e Password Recovery

Are you stating that these instructions don't work? Don't forget to disable any desktop fw on your PC.

PIX Without a Floppy Drive

Complete these steps to recover your password:

Note: Sample output from the password recovery procedure is available in this document.

Install a serial terminal or a PC with terminal emulation software on the PIX console port.

Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.

Note: Because you are locked out, you only see a password prompt.

Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.

Use the interface command to specify which interface the ping traffic should use. For floppiless PIXes with only two interfaces, the monitor command defaults to the inside interface.

Use the address command to specify the IP address of the PIX Firewall's interface.

Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.

Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np51.bin.

If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.

If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.

Use the tftp command to start the download.

As the password recovery file loads, this message is displayed:

Do you wish to erase the passwords? [yn] y

Passwords have been erased. Note: If there are Telnet or console aaa authentication commands in version 6.2, the system also prompts to remove these.

The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.