«

Hi
I have a secure pix 506 that I need to access for configuration.
Problem is that those who had it installed is not reachable. Ive tried
accessing with hyperterminal via a homemade rollover-cable but with no
success.
Since Im fairly new on cisco Id like some suggestions on how to crack
this one.

regards
/Tomas

"Tomas" <> wrote in message
news: om...
> Hi
> I have a secure pix 506 that I need to access for configuration.
> Problem is that those who had it installed is not reachable. Ive tried
> accessing with hyperterminal via a homemade rollover-cable but with no
> success.
> Since Im fairly new on cisco Id like some suggestions on how to crack
> this one.
>
> regards
> /Tomas


http://www.cisco.com/en/US/products/...8009478b.shtml

If your problem is not knowing the passwords, then you need to follow
the Cisco PIX password recovery procedure. Unfortunately you need to
know the PIX software version that your PIX is running because there
is a password recovery program for each major software release level

(mh) wrote in message news:<. com>...
> If your problem is not knowing the passwords, then you need to follow
> the Cisco PIX password recovery procedure. Unfortunately you need to
> know the PIX software version that your PIX is running because there
> is a password recovery program for each major software release level

My main problem is that I cant connect to the firewall. Im using 9600,
no flow etc but when connecting, the Hyperterminal wont connect.

I will probably need to erase the passwords so thanks for the above.

/Hylsan

You nedd to get console access in order to perform password recovery


You might want to try using a different terminal emulator -
checkout SimpleTerm Gold

To verify that you homemade rolled cable is good, get an inexpensive
continiuty testor and check each RJ45 pinout.

(mh) wrote in message news:<. com>...
> To verify that you homemade rolled cable is good, get an inexpensive
> continiuty testor and check each RJ45 pinout.

Some people will change the speed of the console port to improve
performance, so you might want to try different speeds.

If you have a cisco router, try connecting from the AUX port of your
router to the Console port of your PIX. If you do a show line 10 (I
think 10 is usually your AUX port), look for the line "Modem hardware
state" and it should read:

Modem hardware state: CTS* DSR* DTR RTS

If it doesn't, there's something wrong with your rollover cable or DB
to RJ adapter.

One last thing... Are you sure your rollover cable is a rollover and
not a crossover? Rollovers should have:

Pin/Pin
1/8
2/7
3/6
4/5
5/4
6/3
7/2
8/1

And your RJ45 to DB9/DB25 should be:
Signal / RJ-45 Pin / DB-9 Pin / DB-25 Pin

RTS
8
8
5

DTR
7
6
6

TxD
6
2
3

GND
5
5
7

GND
4
5
7

RxD
3
3
2

DSR
2
4
20

CTS
1
7
4


Good luck!

Bayardo

Ive be able to accessing the pix now, with help of SimleTerm gold(as
suggested)
Now I "just" have to crack the password. Im using the password
recovery tutorial that you suggested and hopefully it will work,
otherwise Ill post more questions.

Thanks for all replies!

regards
/Tomas


(Bayardo Alvarez) wrote in message news:< om>...
> (mh) wrote in message news:<. com>...
> > To verify that you homemade rolled cable is good, get an inexpensive
> > continiuty testor and check each RJ45 pinout.
>
> Some people will change the speed of the console port to improve
> performance, so you might want to try different speeds.
>
> If you have a cisco router, try connecting from the AUX port of your
> router to the Console port of your PIX. If you do a show line 10 (I
> think 10 is usually your AUX port), look for the line "Modem hardware
> state" and it should read:
>
> Modem hardware state: CTS* DSR* DTR RTS
>
> If it doesn't, there's something wrong with your rollover cable or DB
> to RJ adapter.
>
> One last thing... Are you sure your rollover cable is a rollover and
> not a crossover? Rollovers should have:
>
> Pin/Pin
> 1/8
> 2/7
> 3/6
> 4/5
> 5/4
> 6/3
> 7/2
> 8/1
>
> And your RJ45 to DB9/DB25 should be:
> Signal / RJ-45 Pin / DB-9 Pin / DB-25 Pin
>
> RTS
> 8
> 8
> 5
>
> DTR
> 7
> 6
> 6
>
> TxD
> 6
> 2
> 3
>
> GND
> 5
> 5
> 7
>
> GND
> 4
> 5
> 7
>
> RxD
> 3
> 3
> 2
>
> DSR
> 2
> 4
> 20
>
> CTS
> 1
> 7
> 4
>
>
> Good luck!
>
> Bayardo

Ive now got another question for you gurus

Ive removed the pix 506 from the network and have it connected to a pc
that is completly "unconneced" ie no network(auto ip and dns).

My question is; can I just connect the pix to my pc with a patch-cable
and be able to upload this password recovery file?

Im also not sure of the IPs inside the firewall so im uncertain of
what IP I should enter as "address"
as seen in the password recovery page;
"5. Use the address command to specify the IP address of the PIX
Firewall's interface"

The other things I think Ive understood.

Regards
/Tomas

In article <> ,
Tomas <> wrote:
:Ive removed the pix 506 from the network and have it connected to a pc
:that is completly "unconneced" ie no network(auto ip and dns).

:My question is; can I just connect the pix to my pc with a patch-cable
:and be able to upload this password recovery file?

yes, if you have the appropriate upload utility on the PC.
(tftp server I think it is?)


:Im also not sure of the IPs inside the firewall so im uncertain of
:what IP I should enter as "address"
:as seen in the password recovery page;
:"5. Use the address command to specify the IP address of the PIX
:Firewall's interface"

Use whatever address you want the other end to know your PIX as
for the duration of the recovery.
--
We don't need no side effect-ing
We don't need no scope control
No global variables for execution
Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick