Password Recovery on Pix 515E (I have tried the instructions from Cisco...)

Discussion in 'Cisco' started by Anonymous Poster, Apr 21, 2004.

  1. Hello All,

    I inherited a pair of Cisco PIX 515E firewalls. Unfortunately, nobody
    seems to remember the old enable password. When I plug-in the console,
    all I see is the prompt with very few options when I type "help".

    I set up a tftp server and followed the recommended procedures from
    Cisco. The firewall loaded the np63.bin image and prompted me about
    erasing the passwords, including enable, aaa, etc, etc... After that,
    the Pix rebooted normally and... Now what?

    Trying "enable" on the console will ask me for a password. I tried a
    blank password, "cisco", "password", "pix" and all those. Nothing.
    According to the documentation, there's no default "enable" password
    after the procedure, but the telnet password is set to "cisco". Of
    course, the previous owner disabled telnet, http and any methods of
    access through the ethernet ports, so I can't get in...

    Did I paint myself into a corner? Is there an RMA coming my way?

    Thanks,
    -- Dr.171
     
    Anonymous Poster, Apr 21, 2004
    #1
    1. Advertisements

  2. Anonymous Poster

    News Account Guest

    Per Cisco - "The default Telnet password after this process is "cisco."
    There is no default enable password. Go into configuration mode and issue
    the 'passwd your_password' command to change your Telnet password and the
    'enable password your_enable_password' command to create an enable password,
    and then save your configuration"

    If that doesn't work then perhaps you have a different version other than
    6.3 on the units, so do a "show ver" at the telnet prompt to find out - you
    need to use the appropriate version of the password recovery program.

    np63.bin (6.3 release)
    np62.bin (6.2 release)
    np61.bin (6.1 release)
    np60.bin (6.0 release)
    np53.bin (5.3 release)
    np52.bin (5.2 release)
    np51.bin (5.1 release)
    np50.bin (5.0 release)
    np44.bin (4.4 release)
    nppix.bin (4.3 and earlier releases)

    These are available at http://www.cisco.com/warp/public/110/npxx.bin where
    xx=release.

    Don Woodward
     
    News Account, Apr 21, 2004
    #2
    1. Advertisements

  3. Hi,

    There's something else I forgot to mention. The previous admin closed
    all telnet ports! The npxx.bin images will set the *telnet* password
    to cisco, but since all telnet ports are closed, I cannot telnet to
    the Pix. There seems to be no way to access the thing from the
    console. The only relevant console command available to non-privileged
    users is "enable", and, as the documentation says, there is no default
    "enable" password. I'm stuck...

    I'd even accept a way to open them and physically reset them to their
    default factory.

    Regards
    dr171
     
    Anonymous Poster, Apr 21, 2004
    #3
  4. Ticking Timebomb, Apr 22, 2004
    #4
  5. Hi,

    Problem solved. First, the cisco documentation is confusing. When they
    say there's "No Default Password", they really mean "There's no
    password". I thought they had some kind of invalid password for
    security reasons.

    The main problem was hyperterminal (!!!). At some point, I had to
    reboot the workstation connected to the PIX. Guess what? en <enter>
    <enter> worked like a charm! I don't know what happens, but my guess
    is that HyperTerminal was configured to send CRLF or something else. I
    don't know. In any case, I should have used another terminal program.
    Wasted 6 hours of my time (ARGH!).

    Regards
    dr171
     
    Anonymous Poster, Apr 25, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.