PIX password recovery

1. Install a serial terminal or a PC with terminal emulation software on the PIX console port.

2. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX and from the PIX to the terminal.

Note: Because you are locked out, you only see a password prompt.

3. Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.

4. Use the interface command to specify which interface the ping traffic should use. For floppyless PIXes with only two interfaces, the monitor command defaults to the inside interface.

5. Use the address command to specify the IP address of the PIX Firewall's interface.

6. Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.

7. Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np51.bin.

8. If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.

9. If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.

10. Use the tftp command to start the download.

11. As the password recovery file loads, this message is displayed:

Do you wish to erase the passwords? [yn] y

Passwords have been erased.

Note: If there are Telnet or console aaa authentication commands in version 6.2, the system also prompts to remove these.

12. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.
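After step 12, a defender will want a quick way to confirm that a saved PIX configuration no longer carries the defaults the recovery tool leaves behind (empty enable password, Telnet password "cisco", console/Telnet aaa lines removed). The audit below is an added example and not part of the Cisco document; the two default hashes it knows about are taken from stock PIX configurations rather than from this page, and the sample configs are constructed.

```python
import re

# Well-known PIX default hashes (assumption, not from the page): the hash PIX
# stores for an empty "enable password" and for the Telnet password "cisco".
DEFAULT_ENABLE_HASH = "8Ry2YjIyt7RRXU24"
DEFAULT_PASSWD_HASH = "2KFQnbNIdI.2KYOU"

ENABLE_RE = re.compile(r"^enable password (\S+)")
PASSWD_RE = re.compile(r"^passwd (\S+)")
AAA_RE = re.compile(r"^aaa authentication (serial|telnet|ssh) console \S+")


def audit_pix_config(config: str) -> "list[str]":
    """Return findings that suggest the config still has post-recovery defaults."""
    enable_hashes, passwd_hashes, aaa_access = [], [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := ENABLE_RE.match(line):
            enable_hashes.append(m.group(1))
        elif m := PASSWD_RE.match(line):
            passwd_hashes.append(m.group(1))
        elif m := AAA_RE.match(line):
            aaa_access.add(m.group(1))

    findings = []
    if not enable_hashes or DEFAULT_ENABLE_HASH in enable_hashes:
        findings.append("enable password is unset (recovery default)")
    if not passwd_hashes or DEFAULT_PASSWD_HASH in passwd_hashes:
        findings.append("telnet password is the default 'cisco'")
    for access in ("serial", "telnet"):  # the accesses the tool strips aaa for
        if access not in aaa_access:
            findings.append(f"no aaa authentication for {access} console")
    return findings


# Constructed sample: what "show config" looks like right after the tool ran.
POST_RECOVERY_CONFIG = """\
PIX Version 6.3(3)
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
"""

# Constructed sample: the same box after step 12 with aaa re-applied.
HARDENED_CONFIG = """\
PIX Version 6.3(3)
hostname pixfirewall
enable password SlgzeJQSao5XI0a9 encrypted
passwd RGbOD..44GkQaU8/ encrypted
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
"""

if __name__ == "__main__":
    for name, cfg in (("post-recovery", POST_RECOVERY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_pix_config(cfg) or ["clean"])
```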

Sample Output

monitor>interface 0

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9

monitor>address 10.21.1.99

address 10.21.1.99

monitor>server 172.18.125.3

server 172.18.125.3

monitor>file np52.bin

file np52.bin

monitor>gateway 10.21.1.1

gateway 10.21.1.1

monitor>ping 172.18.125.3

Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:

!!!!!

Success rate is 100 percent (5/5)

monitor>tftp

tftp np52.bin@172.18.125.3 via 10.21.1.1...................................

Received 73728 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000

Flash=i28F640J5 @ 0x300

BIOS Flash=AT29C257 @ 0xd8000

Do you wish to erase the passwords? [yn] y

Passwords have been erased.

Rebooting....

The password-erase process basically follows the official document; the following points need attention during implementation.

1. The Cisco TFTP server could not transfer the file properly; during the implementation I used the 3Com TFTP server.

2. The PIX software version can be obtained with pix> show version; if AAA is configured, the version cannot be viewed this way.

3. Confirm the software version and download the corresponding np.bin file; for example, my software version is 6.3, so I needed to download 6.3np.bin.

5. Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003

System Flash=E28F128J3 @ 0xfff00000

BIOS Flash=am29f400b @ 0xd8000

Do you wish to erase the passwords? [yn] y

The following lines will be removed from the configuration:

enable password SlgzeJQSao5XI0a9 encrypted

passwd RGbOD..44GkQaU8/ encrypted

Do you want to remove the commands listed above from the configuration? [yn] y

Passwords and aaa commands have been erased.

Reboot....

6. After the reboot the enable password is empty; the Telnet password is cisco.
