Cisco PIX 506 - restore factory defaults

Discussion in 'Cisco' started by Japhar, Mar 22, 2005.

  1. Japhar

    Japhar Guest

    I'm having a good number of problems, and I'd like to start fresh. I'd
    like to run "configure factory-default" (running 6.3(4)). However, I'm
    concerned about losing information that would render me helpless.

    I know I'm going to run "show run" and copy/store that information. But
    after some research, people have commented on losing the activation
    key? or their VPN key? Were run VPN w/3DES activated, and that works.

    I guess I will also make a copy of "show activation-key". Is there
    anything else I should make a copy of? Ideally, I want to be in a
    position where if/when I run the factory-default command, through all
    the information I saved, I can get back to where I was before.

    Any help would be greatly appreciated :)

    thanks,
    J
     
    Japhar, Mar 22, 2005
    #1
    1. Advertisements

  2. :I'm having a good number of problems, and I'd like to start fresh. I'd
    :like to run "configure factory-default" (running 6.3(4)). However, I'm
    :concerned about losing information that would render me helpless.

    tftp off a copy of the configuration to somewhere else.

    I'm not sure if the "config factory" alters the activation key or
    clears the rsa keys. It will certainly clear any VPN keys.
     
    Walter Roberson, Mar 22, 2005
    #2
    1. Advertisements

  3. From Cisco's website:

    <snip>

    configure factory-default

    On the PIX 501 and PIX 506/506E, the configure factory-default command
    reinstates the factory default configuration. (This command is not supported
    on other PIX Firewall platforms at this time.) Use this command carefully
    because, before reinstating the factory default configuration, this command
    has the same effect as the clear configure all command; it clears all
    existing configuration information.

    With no options specified, the configure factory-default command gives a
    default IP address of 192.168.1.1, and a netmask of 255.255.255.0, to the
    PIX Firewall inside interface.

    With the configure factory-default ip-address command, if you specify an
    inside IP address but no netmask, the default address mask is derived from
    the specified IP address and is based on the IP address class.

    With the configure factory-default ip-address netmask command, the specified
    IP address and netmask are assigned to the inside interface of the firewall.

    For the PIX 501, the 10-user license is limited to a DHCP pool of 32
    addresses, the 50-user license is limited to a DHCP pool size of 128
    addresses, and the unlimited user license is limited to a DHCP pool size of
    253 addresses. (It would be 256 addresses for the unlimited user license,
    but the default IP address is class C and 256 DHCP addresses cannot be
    supported within a class C address.) The PIX 506/506E is limited to a DHCP
    pool size of 253.

    </snip>

    For more details see:

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#wp1055799

    HTH,

    -Richard
     
    Richard Graves, Mar 23, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.