Requesting guidance on password recovery for the PIX 515E

  • Requesting guidance on password recovery for the PIX 515E

    I need to do password recovery on a PIX 515E firewall but don't know the procedure. I hope you (dangquangminh@vnpro.org) or anyone who knows can help me.
    Thank you very much.

  • #2
    Maybe you should go to www.cisco.com and search.



    • #3
      Password Recovery Procedure for the PIX
      Document ID: 8529

      Introduction
      This document describes how to recover a PIX password for PIX software releases through 7.0. Note that performing password recovery on the PIX erases only the password, not the configuration. If there are Telnet or console aaa authentication commands in versions 6.2 and greater, the system will also prompt to remove these.

      Note: If you have configured AAA on the PIX and the AAA server is down, you can access the PIX by entering the Telnet password initially, and then "pix" as the username and the enable password (enable password password) for the password. If there is no enable password in the PIX configuration, enter "pix" for the username and press ENTER. If the enable and Telnet passwords are set but not known, you will need to continue with the password recovery process.

      The PIX Password Lockout Utility is based on the PIX software release you are running.

      Components Used

      The information in this document requires these hardware devices:
      · A PC
      · A working serial terminal or terminal emulator
      · Approximately 10 minutes of PIX and network downtime

      Note: You must have approximately 10 minutes of PIX and network downtime to perform this procedure. To use the password recovery procedure, you need the PIX Password Lockout Utility, which includes these files:
      · The appropriate binary file, depending on the PIX software version you are running:
        ¨ np70.bin (7.0 release)
        ¨ np63.bin (6.3 release)
        ¨ np62.bin (6.2 release)
        ¨ np61.bin (6.1 release)
        ¨ np60.bin (6.0 release)
        ¨ np53.bin (5.3 release)
        ¨ np52.bin (5.2 release)
        ¨ np51.bin (5.1 release)
        ¨ np50.bin (5.0 release)
        ¨ np44.bin (4.4 release)
        ¨ nppix.bin (4.3 and earlier releases)
      · rawrite.exe (needed only for PIX machines with a floppy drive)
      · TFTP Server Software (needed only for PIX machines without a floppy drive). TFTP server software is no longer available from Cisco.com, but you can find many TFTP servers by searching for "tftp server" on your favorite Internet search engine. Cisco does not specifically recommend any particular TFTP implementation.

      Step−by−Step Procedure

      PIX With a Floppy Drive

      To recover your password, follow the steps below:
      1. Execute the rawrite.exe file on your PC and answer the questions on the screen using the correct password recovery file.
      2. Install a serial terminal or a PC with terminal emulation software on the PIX console port.
      3. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
         Note: Because you are locked out, you will see only a password prompt.
      4. Insert the PIX Password Lockout Utility disk into the floppy drive of the PIX.
      5. Push the Reset button on the front of the PIX. The PIX will reboot from the floppy and print the message below:
         Erasing Flash Password. Please eject diskette and reboot.
      6. Eject the disk and press the Reset button. You will now be able to log in without a password. When you are prompted for a password, press ENTER.
      7. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.


      PIX Without a Floppy Drive

      To recover your password, follow the steps below:
      Note: Sample output from the password recovery procedure is available below.
      1. Install a serial terminal or a PC with terminal emulation software on the PIX console port.
      2. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
         Note: Because you are locked out, you will see only a password prompt.
      3. Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.
      4. Use the interface command to specify which interface the ping traffic should use. For floppiless PIXes with only two interfaces, the monitor command defaults to the inside interface.
      5. Use the address command to specify the IP address of the PIX Firewall's interface.
      6. Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.
      7. Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np51.bin.
      8. If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.
      9. If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.
      10. Use the tftp command to start the download.
      11. As the password recovery file loads, the following message is displayed:
          Do you wish to erase the passwords? [yn] y
          Passwords have been erased.
          Note: If there are Telnet or console aaa authentication commands in version 6.2, the system will also prompt to remove these.
      12. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.

      Sample Output

      The following example of floppiless PIX password recovery with the TFTP server on the outside interface is taken from a lab environment.

      monitor> interface 0
      0: i8255X @ PCI(bus:0 dev:13 irq:10)
      1: i8255X @ PCI(bus:0 dev:14 irq:7 )
      Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
      monitor> address 10.21.1.99
      address 10.21.1.99
      monitor> server 172.18.125.3
      server 172.18.125.3
      monitor> file np52.bin
      file np52.bin
      monitor> gateway 10.21.1.1
      gateway 10.21.1.1
      monitor> ping 172.18.125.3
      Sending 5, 100−byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
      !!!!!
      Success rate is 100 percent (5/5)
      monitor> tftp
      tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
      Received 73728 bytes
      Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
      Flash=i28F640J5 @ 0x300
      BIOS Flash=AT29C257 @ 0xd8000
      Do you wish to erase the passwords? [yn] y
      Passwords have been erased.
      Rebooting....
      All contents are Copyright © 1992−2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
      Updated: May 13, 2005 Document ID: 8529
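
The parameter checks implied by steps 4 to 9 of the no-floppy procedure, written out as an added example (not part of the Cisco document or of any post in this thread). The function name `preflight`, the `prefix` argument (an assumed /24 segment) and the second session are constructed for illustration; the first session reuses the commands from the sample output above.

```python
import ipaddress
import re

# Recovery image per PIX release: a subset of the list in the Cisco document.
IMAGES = {"7.0": "np70.bin", "6.3": "np63.bin", "6.2": "np62.bin", "5.2": "np52.bin"}
CMD = re.compile(r"^monitor>\s*(\w+)\s*(\S*)")        # a command typed at the prompt
RATE = re.compile(r"Success rate is (\d+) percent")   # result line printed by ping
# Commands and ping result taken from the document's sample output.
DOC_SESSION = """monitor> address 10.21.1.99
monitor> server 172.18.125.3
monitor> file np52.bin
monitor> gateway 10.21.1.1
monitor> ping 172.18.125.3
Success rate is 100 percent (5/5)
"""
# Constructed session with three mistakes (192.0.2.0/24 documentation range).
BAD_SESSION = """monitor> address 192.0.2.2
monitor> server 192.0.2.10
monitor> file np62.bin
monitor> gateway 192.0.2.2
monitor> ping 192.0.2.10
Success rate is 0 percent (0/5)
"""

def preflight(transcript, release, prefix=24):
    """Problems to fix before typing tftp; prefix (segment mask length) is an assumption."""
    s, problems, ping_ok = {}, [], False
    for line in map(str.strip, transcript.splitlines()):
        if m := CMD.match(line):
            s[m.group(1)] = m.group(2)                 # remember the last value per command
        elif (r := RATE.search(line)) and "ping" in s:
            ping_ok = s["ping"] == s.get("server") and int(r.group(1)) > 0
    if missing := [k for k in ("address", "server", "file") if not s.get(k)]:
        return ["not set: " + ", ".join(missing)]
    if s["file"] != IMAGES.get(release):
        problems.append(f"file {s['file']} is not the image for release {release}")
    net = ipaddress.ip_interface(f"{s['address']}/{prefix}").network
    gw = s.get("gateway")
    if gw == s["address"]:
        problems.append("gateway is the PIX interface's own address")
    elif gw and ipaddress.ip_address(gw) not in net:
        problems.append("gateway is not on the PIX interface's subnet")
    if ipaddress.ip_address(s["server"]) not in net and not gw:
        problems.append("server is off-subnet and no gateway is set")
    if not ping_ok:
        problems.append("no successful ping to the TFTP server")
    return problems

print(preflight(DOC_SESSION, "5.2"), preflight(BAD_SESSION, "6.3"))
```

An empty list means the session matches the order the procedure asks for: parameters set, then a successful ping, then tftp.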


      • #4
        Thank you very much, but honestly I am not very knowledgeable; the article is in English, so I could not understand all of it and have not dared to try yet (I'm afraid that if the network goes down, the whole company will yell at me).
        My PIX is indeed version 63, as in the document you gave, and it has no floppy drive; it has 2 ports, E0 and E1.
        Currently E0 is the outside side, connected to the ADSL modem.
        E1 is the inside side, connected to the Cisco 2950 switch.
        I power-cycled it and got to monitor>, but I don't know how to set the IP address or what the next steps should be. I hope you can give me specific instructions.
        (The np63 file has been extracted and placed in a folder on the console PC.)

        Respectfully, thank you.



        • #5
          << continued >>
          I did the following:


          monitor> interface 1
          0: i8255X @ PCI(bus:0 dev:14 irq:10)
          1: i8255X @ PCI(bus:0 dev:13 irq:11)

          Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0013.7ff1.99ae
          monitor>
          monitor> address 192.168.111.2
          address 192.168.111.2
          monitor> server 192.168.111.1
          server 192.168.111.1
          monitor> file np63.bin
          file np63.bin
          monitor> gateway 192.168.111.2
          gateway 192.168.111.2
          monitor> ping 192.168.111.1
          Sending 5, 100-byte 0x6951 ICMP Echoes to 192.168.111.1, timeout is 4 seconds:

          Success rate is 0 percent (0/5)
          monitor> tftp
          tftp np63.bin@192.168.111.1 via 192.168.111.2

          After that I realized my machine had no TFTP server, so I downloaded one and installed it successfully,
          and configured it as:

          IP : 192.168.111.1
          SNM: 255.255.255.0

          and repeated the steps above, but it does not work.


          Hoping for your guidance,
          One more question: how do I put the file np63.bin onto the TFTP server I just set up?
          Ugh, I'm so clueless, please help me out.



          • #6
            Take a look at the article written by BTâm:

            Đặng Quang Minh, CCIEx2#11897 (Enterprise Infrastructure, Wireless), DEVNET, CCSI#31417

            Email : dangquangminh@vnpro.org
            https://www.facebook.com/groups/vietprofessional/



            • #7
              Thank you, seniors,
              I got it working.



              • #8
                dragon2005, could you give me your phone number or Facebook nick? I'm stuck on this too.



                • #9
                  I got to monitor>, but I don't know how to set the IP address or what the next steps should be?



                  Last edited by hnoor0066; 25-07-2016, 07:20 PM.
                  NOOR



                  • #10
                    Thank you very much, I got it working.

