pix 515e password recovery


  • pix 515e password recovery

    hi,

    I have a pix 515e 6.22 version with 64MB ram without password. From the monitor mode, I connected to the tftp server and put in all the details (address, server, file, ping, tftp).

    As the password recovery file loads, this message was not displayed:
    Do you wish to erase the passwords? [yn] y
    Passwords have been erased.
    But it took me straight to pix mode

    pix>

    As I do not have the password, I am stuck.

  • #2
    Re: pix 515e password recovery

    What is the filename for the image you are loading to reset?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: pix 515e password recovery

      Hi,

      The file name is pix704.bin. Please see the show version and sh flash:

      sh ver
      Cisco PIX Security Appliance Software Version 7.0(4)

      Compiled on Thu 13-Oct-05 21:43 by builders

      System image file is "Unknown, monitor mode tftp booted image"

      Config file at boot was "startup-config"
      pix up 1 min 1 sec
      Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

      Flash E28F128J3 @ 0xfff00000, 16MB

      BIOS Flash AM29F400B @ 0xfffd8000, 32KB
      Encryption hardware device : VAC (IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5)
      0: Ext: Ethernet0 : address is 000b.5fa1.a961, irq 10
      1: Ext: Ethernet1 : address is 000b.5fa1.a962, irq 11
      2: Ext: Ethernet2 : address is 00e0.b605.fb48, irq 11
      3: Ext: Ethernet3 : address is 00e0.b605.fb49, irq 10
      4: Ext: Ethernet4 : address is 00e0.b605.fb4a, irq 9
      5: Ext: Ethernet5 : address is 00e0.b605.fb4b, irq 5
      Licensed features for this platform:

      Maximum Physical Interfaces : 6
      Maximum VLANs : 25

      Inside Hosts : Unlimited
      Failover : Active/Standby

      VPN-DES : Enabled
      VPN-3DES-AES : Enabled
      Cut-through Proxy : Enabled
      Guards : Enabled
      URL Filtering : Enabled
      Security Contexts : 2

      GTP/GPRS : Disabled

      VPN Peers : Unlimited
      This platform has a Failover Only-Active/Standby (FO) license.
      Serial Number: 806470104

      Running Activation Key: 0xd339aa76 0xe1197bed 0x509b593b 0x91ba13c6

      Configuration has not been modified since last system restart.
      pix>


      pix> sh flash

      Directory of flash:/

      6 -rw- 2316 19:25:08 Jan 07 2009 downgrade.cfg
      9 -rw- 1540152 19:25:27 Jan 07 2009 image_old.bin

      16128000 bytes total (14572544 bytes free)
      pix>



      • #4
        Re: pix 515e password recovery

        Get the password reset file from here:
        http://www.cisco.com/en/US/products/...8009478b.shtml

        pix704.bin is the software not the password reset file, you are running 7.0.4 not 6.22 as well
        cheers
        Andy



        • #5
          Re: pix 515e password recovery

          Hi,

          Thanks for the reply and it has worked till the point where I was able to recover the password.

          Now I am trying to download the file pix704.bin from the tftp server. The pix does not yet have a file pix704 on the flash memory. I used

          copy tftp://192.168.1.20/pix704.bin flash:
          Address or name of remote host 192.168.1.20
          source filename: pix704.bin
          destination filename: pix704.bin

          Accessing tftp://192.168.1.20/pix704.bin.....
          Warning: TFTP download incomplete!
          %Error reading tftp://192.168.1.20/pix704.bin (Unspecified Error)


          The laptop is directly connected to the pix. The pix ethernet 1 ip is 192.168.1.1 and the laptop/tftp server address is 192.168.1.20. Please advise.



          • #6
            Re: pix 515e password recovery

            This platform has a Failover Only-Active/Standby (FO) license
            You need another PIX to make this one work, is that what you are expecting?

            Also:
            (LINK)
            Minimum RAM
            Cisco PIX 515/515E Security Appliance
            64 MB on Restricted models
            128 MB Unrestricted, Failover, and Failover-Active/Active models
            Note: This release requires more memory for Cisco PIX 515/515E Security Appliances than previous software releases-a memory upgrade may be required

            For info you can also use FTP to transfer the file or another tftp server/client. Check duplex etc is ok for the host.
            cheers
            Andy



            • #7
              Re: pix 515e password recovery

              Hi,

              Thanks for the reply. I have identical 2 pix firewalls 515E. Both of them had a password recovery. One of the pix now has flash image pix704.bin and it was recovered via following procedure.

              copy tftp://192.168.1.20/pix704.bin flash:
              Address or name of remote host 192.168.1.20
              source filename: pix704.bin
              destination filename: pix704.bin

              2. For the second pix:

              From the monitor mode, I typed in

              address 192.168.1.1
              server 192.168.1.20
              file pix704.bin
              tftp

              and it starts copying the file. After that, when I try to download the file to flash:

              Accessing tftp://192.168.1.20/pix704.bin.....
              Warning: TFTP download incomplete!
              %Error reading tftp://192.168.1.20/pix704.bin (Unspecified Error)

              As you can see, there is nothing wrong with the tftp server. Is there anything I am missing?



              • #8
                Re: pix 515e password recovery

                There isn't something else on that IP address is there?
                cheers
                Andy



                • #9
                  Re: pix 515e password recovery

                  Hi,

                  The laptop/tftp server is 192.168.1.20 255.255.255.0
                  Pix interface ethernet ip address is 192.168.1.1

                  Pix#
                  Interface ethernet 1
                  ip address 192.168.1.1 255.255.255.0
                  speed 100
                  duplex full
                  nameif inside
                  security-level 100
                  no shut

                  When I try to ping 192.168.1.20, the output is:
                  No route to host 192.168.1.20



                  • #10
                    Re: pix 515e password recovery

                    Hard to tell without seeing this. Is it a crossover between the two? Can you try changing the PIX IP to another one in that subnet?

                    Does the flash still only show those two files?

                    Bit more on the flash
                    http://www.cisco.com/en/US/products/...80094a5d.shtml
                    cheers
                    Andy



                    • #11
                      Re: pix 515e password recovery

                      Hi Andy,


                      It is a crossover between the two. I replaced the cable as well.

                      I have changed the PIX IP to another one in that subnet 192.168.1.2

                      Does the flash still only show those two files?

                      pixfirewall# sh flash:

                      Directory of flash:/

                      6 -rw- 1540152 22:19:54 Jan 14 2009 image_old.bin

                      16128000 bytes total (14584832 bytes free)


                      pixfirewall# copy tftp: flash:

                      Address or name of remote host [192.168.1.20]? 192.168.1.20

                      Source filename [pix704.bin]?

                      Destination filename [pix704.bin]?

                      Accessing tftp://192.168.1.20/pix704.bin...
                      %Error opening tftp://192.168.1.20/pix704.bin (No such device)

                      pixfirewall#


                      PIX Version 7.0(4)
                      !
                      hostname pixfirewall
                      enable password 8Ry2YjIyt7RRXU24 encrypted
                      names
                      !
                      interface Ethernet0
                      shutdown
                      no nameif
                      no security-level
                      no ip address
                      !
                      interface Ethernet1
                      nameif inside
                      security-level 100
                      no security-level
                      ip address 192.168.2.1 255.255.255.0
                      !
                      interface Ethernet2
                      shutdown
                      no nameif
                      no security-level
                      no ip address

                      interface Ethernet3
                      shutdown
                      no nameif
                      no security-level
                      no ip address
                      !
                      interface Ethernet4
                      shutdown
                      no nameif
                      no security-level
                      no ip address
                      !
                      interface Ethernet5
                      shutdown
                      no nameif
                      no security-level
                      no ip address
                      !

                      passwd 2KFQnbNIdI.2KYOU encrypted
                      no ftp mode passive
                      no pager
                      no failover
                      no asdm history enable
                      arp timeout 14400
                      timeout xlate 3:00:00
                      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
                      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
                      timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
                      timeout uauth 0:05:00 absolute
                      no snmp-server location
                      no snmp-server contact
                      snmp-server enable traps snmp authentication linkup linkdown coldstart
                      telnet timeout 5
                      ssh timeout 5
                      console timeout 0
                      Cryptochecksum:00000000000000000000000000000000
                      : end



                      • #12
                        Re: pix 515e password recovery

                        Can you ping each other?
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"



                        • #13
                          Re: pix 515e password recovery

                          Hi Andy,


                          It is a crossover between the two. I replaced the cable as well.

                          I have changed the PIX IP to another one in that subnet 192.168.1.2

                          Does the flash still only show those two files?

                          pixfirewall# sh flash:

                          Directory of flash:/

                          6 -rw- 1540152 22:19:54 Jan 14 2009 image_old.bin

                          16128000 bytes total (14584832 bytes free)


                          pixfirewall# copy tftp: flash:

                          Address or name of remote host [192.168.1.20]? 192.168.1.20

                          Source filename [pix704.bin]?

                          Destination filename [pix704.bin]?

                          Accessing tftp://192.168.1.20/pix704.bin...
                          %Error opening tftp://192.168.1.20/pix704.bin (No such device)

                          pixfirewall#


                          PIX Version 7.0(4)
                          !
                          hostname pixfirewall
                          enable password 8Ry2YjIyt7RRXU24 encrypted
                          names
                          !
                          interface Ethernet0
                          shutdown
                          no nameif
                          no security-level
                          no ip address
                          !
                          interface Ethernet1
                          nameif inside
                          security-level 100
                          no security-level
                          ip address 192.168.2.1 255.255.255.0
                          !
                          interface Ethernet2
                          shutdown
                          no nameif
                          no security-level
                          no ip address

                          interface Ethernet3
                          shutdown
                          no nameif
                          no security-level
                          no ip address
                          !
                          interface Ethernet4
                          shutdown
                          no nameif
                          no security-level
                          no ip address
                          !
                          interface Ethernet5
                          shutdown
                          no nameif
                          no security-level
                          no ip address
                          !

                          passwd 2KFQnbNIdI.2KYOU encrypted
                          no ftp mode passive
                          no pager
                          no failover
                          no asdm history enable
                          arp timeout 14400
                          timeout xlate 3:00:00
                          timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
                          timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
                          timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
                          timeout uauth 0:05:00 absolute
                          no snmp-server location
                          no snmp-server contact
                          snmp-server enable traps snmp authentication linkup linkdown coldstart
                          telnet timeout 5
                          ssh timeout 5
                          console timeout 0
                          Cryptochecksum:00000000000000000000000000000000
                          : end



                          • #14
                            Re: pix 515e password recovery

                            It's been a long time since I did this. I do see your inside interface in your last post is 2.1 not 1.x though.
                            Without ping we are lost.
                            cheers
                            Andy



                            • #15
                              Re: pix 515e password recovery

                              It was a typo. Actually the E1 ip is 192.168.1.2 255.255.255.0 not 192.168.2.1

                              interface Ethernet1
                              nameif inside
                              security-level 100
                              no security-level
                              ip address 192.168.1.2 255.255.255.0
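
The subnet mismatch raised in #14 can be checked mechanically before retrying the copy. This Python sketch is an added example, not part of the thread or of any Cisco tool: it parses interface stanzas as posted in #11 and reports whether the TFTP server sits on a subnet directly connected to a usable interface, which matters here because the posted configuration contains no route statements. The function names are hypothetical, and treating an interface as usable only when it is not shutdown and has both a nameif and an ip address is this example's assumption.

```python
import ipaddress
import re

# Interface stanzas as posted in #11, trimmed to two interfaces.
POSTED_CONFIG = """\
interface Ethernet0
 shutdown
 no nameif
!
interface Ethernet1
 nameif inside
 ip address 192.168.2.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map interface name -> shutdown flag, nameif and configured address."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface (\S+)$", line)
        if match:
            current = interfaces.setdefault(
                match.group(1), {"shutdown": False, "nameif": None, "address": None})
        elif line == "!" or current is None:
            current = None  # stanza ended, or a global command
        elif line == "shutdown":
            current["shutdown"] = True
        elif line.startswith("nameif "):
            current["nameif"] = line.split()[1]
        elif line.startswith("ip address "):
            addr, mask = line.split()[2:4]
            current["address"] = ipaddress.ip_interface(f"{addr}/{mask}")
    return interfaces

def connected_interface(config, server):
    """Return (interface, []) if `server` is on a connected subnet, else (None, reasons)."""
    target, reasons = ipaddress.ip_address(server), []
    for name, itf in parse_interfaces(config).items():
        if itf["shutdown"]:
            reasons.append(f"{name}: shutdown")
        elif itf["nameif"] is None or itf["address"] is None:
            reasons.append(f"{name}: no nameif or ip address")
        elif target not in itf["address"].network:
            reasons.append(f"{name}: {itf['address'].network} does not contain {server}")
        else:
            return name, []
    return None, reasons

if __name__ == "__main__":
    print(connected_interface(POSTED_CONFIG, "192.168.1.20"))
```

Substituting the address given in #15 (192.168.1.2) for the one shown in #11 makes the same call return Ethernet1 with no reasons.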
