Announcement

Collapse
No announcement yet.

PIX-515e firewall password problems...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PIX-515e firewall password problems...

    Hello everyone, I am trying to set up a small lab and I am having issues with the pix 515e password reset. I bought it used so it already had a pass on it, and I also tried some default passwords just in case.

    Important: I set it up to a switch, which is connected to my router, I also have the laptop and firewall I am using connected to the same switch.

    Router: 192.168.1.1
    Switch: 192.168.1.2
    Computer: 192.168.1.4
    Firewall: 192.168.1.9
    tftp server: 192.168.1.4(same ip as comp)



    first thing I did was set up my comp to work on the lan
    I went to the LAN properties and used:
    - 192.168.1.4 as my ip
    - 255.255.255.0 as my subnet
    - 192.168.1.2 as my default gateway (should this be blank, the ip of the switch, or 192.168.1.1??)

    these are the commands in the console that I used in order...

    1) interface 0
    2) address 192.168.1.9
    3) server 192.168.1.4
    4) gateway 192.168.1.2 (i also tried 0.0.0.0 and 192.168.1.1)
    5) file np62.bin
    6) tfp

    when I did tftp with the gateway 192.168.1

    Any help would be appreciated! :]

    edit: sorry still recoverying from the holidays ...this is my problem:

    When I use the tftp command with the gateway: 192.168.1.2(I also tried 192.168.1.1 and the same thing happened...)

    I do this and it runs for a couple seconds and then my tftp server crashes. I usually get a popup asking me to debug the problem with visual studio...irrelevant

    I also tried using gateway 0.0.0.0 and it would just return with a failure.

    edit 2: it's not crashing as of right now BUT it is just hanging there when i do the 'tftp' command.

    I have Wireshark open and it is saying that the host is unreachable whenever there is a tftp packet

    Is it my default gateway?

    Is it because it's hooked up to a switch and not directly to the router??

    edit 3:

    the command "ping <server/com ip>" fails and returns 0/5 successful pings
    Last edited by OneMan_OneBoard_OnePost; 22nd April 2012, 05:55.

  • #2
    Re: PIX-515e firewall password problems...

    if you're only communicating on the local network, then the default gateway isn't important at this specific juncture.


    So, set it blank for now, and we can deal with that later.


    have you tried another TFTP program ?

    have you tested the TFPT program without using a router ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: PIX-515e firewall password problems...

      I would console into the pix. Get into monitor mode. Set the ip and server information. I think a pix with no floppy will default to the inside interface for the tftp transfer. Connect your pc directly to the inside interface or go through the switch. Make sure you can reach the pix from the pc (Trying sending a pix to the ip address you just set the pix) If its reachable, it should be fine.

      If you are going through the switch, make sure the port connecting to the pix and the port to the pc/tftp server is on the same vlan. You didnt mention if it was a managed switched. Also is it a layer 3 switch? Typically on your pc the gateway would be set to the upstream layer 3 interface for your subnet. This could be an SVI on a layer 3 switch or a router interface (or subinterfaces). The ip address on a layer 2 switch is just for management purposes.


      Solarwinds has free tftp program that I use all the time. Never had a problem with it.

      http://www.solarwinds.com/products/f...tp_server.aspx
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)

      Comment


      • #4
        Re: PIX-515e firewall password problems...

        Originally posted by auglan View Post
        I would console into the pix. Get into monitor mode. Set the ip and server information. I think a pix with no floppy will default to the inside interface for the tftp transfer. Connect your pc directly to the inside interface or go through the switch. Make sure you can reach the pix from the pc (Trying sending a pix to the ip address you just set the pix) If its reachable, it should be fine.

        If you are going through the switch, make sure the port connecting to the pix and the port to the pc/tftp server is on the same vlan. You didnt mention if it was a managed switched. Also is it a layer 3 switch? Typically on your pc the gateway would be set to the upstream layer 3 interface for your subnet. This could be an SVI on a layer 3 switch or a router interface (or subinterfaces). The ip address on a layer 2 switch is just for management purposes.


        Solarwinds has free tftp program that I use all the time. Never had a problem with it.
        I tried connecting the firewall directly to my comp via console port AND ethernet cord.

        But now my set up is a 2501 router and a 2950 switch that are connected. I plugged both the firewall and my computer into this switch.

        I configured the vlan of the switch to have an ip of 192.168.1.2 and the gateway 192.168.1.1(the ip of ethernet 0 on my router), other than that I did not set anything else. Do I need to set a port? If so, how do I do this?

        My port for the tftp is 69. Wireshark does say "Destination Unreachable(Port unreachable)"

        So even with the switch, I am going to have a default gateway of 0.0.0.0 for the pix?

        Comment


        • #5
          Re: PIX-515e firewall password problems...

          Originally posted by tehcamel View Post
          if you're only communicating on the local network, then the default gateway isn't important at this specific juncture.


          So, set it blank for now, and we can deal with that later.


          have you tried another TFTP program ?

          have you tested the TFPT program without using a router ?
          Yeah I tried connecting the console and ethernet directly to my computer, without a router or switch, but it still didn't work.

          Right now I have a 2501 router where ethernet 0 is 192.168.1.1, and a 2950 switch with an ip op 192.168.1.2 and default gateway of 192.168.1.1. My firewall and computer are BOTH plugged into the SAME switch.

          So you're saying that the default gateway should be 0.0.0.0?

          I could try a direct connection. Would it possibly work better if I just used the switch, without the router, and connected the pc and firewall to that and then try to download from the server?

          Comment


          • #6
            Re: PIX-515e firewall password problems...

            Yes try a direct connection to the pix. If your pc and the pix are on the same subnet you wouldnt need a default gateway as both devices can arp for each other directly. You only need a default gateway when the host your trying to reach is on another subnet, in which case traffic has to be routed.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

            Comment


            • #7
              Re: PIX-515e firewall password problems...

              Originally posted by auglan View Post
              Yes try a direct connection to the pix. If your pc and the pix are on the same subnet you wouldnt need a default gateway as both devices can arp for each other directly. You only need a default gateway when the host your trying to reach is on another subnet, in which case traffic has to be routed.
              That's what I did.

              Here is a screen shot(url: i42.tinypic.com/14mufsy.png ) of all my settings what happens with the tftp command...it just hangs there. Check out wire shark, there is an arp from the firewall to the server, and the server(my comp) acknowledges it but it still says "Host unreachable (port unreachable)"


              I tried pinging the server from the firewall...0/5 successful
              I also tried pinging the firewall from my cmd prompt but I got:
              "Reply from 205.7.5.8: destination host unreachable" and then the rest time out....1/4 received.

              I'm sure I'm giving you guys a lot of useless info, just trying to give people enough so that someone can notice my error.

              I appreciate everything you all have done so far.
              Last edited by OneMan_OneBoard_OnePost; 22nd April 2012, 21:04.

              Comment


              • #8
                Re: PIX-515e firewall password problems...

                Good news, I got it!

                I had to try two other tftp servers and I had a couple bumps with both of them but I finally found one that worked!!!

                Thank you, everyone!!

                Comment


                • #9
                  Re: PIX-515e firewall password problems...

                  Glad you got it working. I have had good luck with the solarwinds tftp server. Never had a problem with it.
                  CCNA, CCNA-Security, CCNP
                  CCIE Security (In Progress)

                  Comment

                  Working...
                  X