Password Recovery Procedure for PIX
Description
This document describes how to recover a PIX password for PIX software releases through 5.1.
The PIX Password Lockout Utility file you need depends on the PIX software release you are running.
In addition to the required files listed in the next section, you will need the following items to follow the password recovery procedure:
- A PC
- A working serial terminal or terminal emulator
- Approximately 10 minutes of PIX and network downtime
Required Files
Note: If you are a registered user and have logged in, you can download the files here. If you are not a registered user, please open a case with the Technical Assistance Center (TAC) to obtain the files.
- The PIX Password Lockout Utility, which includes the following files:
  - rawrite.exe
  - One of the following files:
    - nppix.bin (4.3 and earlier releases)
    - np44.bin (4.4 release)
    - np50.bin (5.0 release)
    - np51.bin (5.1 release)
Step-by-Step Procedure
PIX with a Floppy Drive
- Execute the rawrite.exe file on your PC and answer the questions on the screen.
- Install a serial terminal or a PC with terminal emulation software on the PIX console port.
- Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
  Note: Because you are locked out, you will see only a password prompt.
- Insert the PIX Password Lockout Utility disk into the floppy drive of the PIX.
- Push the Reset button on the front of the PIX. The PIX will reboot from the floppy and print the message below:
  Erasing Flash Password. Please eject diskette and reboot.
- Eject the disk and press the Reset button. You will now be able to log in without a password. When you are prompted for a password, press Return.
- Create a password with the passwd command, and save your configuration.
PIX without a Floppy Drive
- Install a serial terminal or a PC with terminal emulation software on the PIX console port.
- Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
  Note: Because you are locked out, you will see only a password prompt.
- Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the Esc (Escape) key. The monitor> prompt is displayed. If needed, enter a question mark (?) to list the available commands.
- Use the interface command to specify which interface the ping traffic should use. If the PIX 515 has only two interfaces, the monitor command defaults to the inside interface.
- Use the address command to specify the IP address of the PIX Firewall's interface.
- Use the server command to specify the IP address of the remote server.
- Use the file command to specify the filename of the PIX password recovery file. For example, np51.bin.
- If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.
- If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.
- Use the tftp command to start the download.
- As the password recovery file loads, the following message is displayed:
  Do you wish to erase the passwords? [yn] y
  Passwords have been erased.
- Create a password with the passwd command, and save your configuration.
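The monitor-mode steps above as one console session, added here as an example and not taken from the original document. The interface number and all IP addresses are constructed placeholder values, and the gateway line is needed only when the TFTP server is on another subnet. Only the typed commands are shown, followed by the prompt quoted in the procedure; other device output is omitted.

```text
monitor> interface 1
monitor> address 192.0.2.10
monitor> server 198.51.100.20
monitor> file np51.bin
monitor> gateway 192.0.2.1
monitor> ping 198.51.100.20
monitor> tftp
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
```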