PIX 520 Password Recovery Procedure
The following is the recommended process for recovering lost passwords in PIX 520 firewalls.
Step 1
Download Nppix.bin and rawrite.exe from www.cisco.com/warp/customer/110/34.shtml into the same directory on a PC. (You will need a CCO login to download.)
Step 2
When you have retrieved the two files, execute RAWRITE: C:\TEMP>RAWRITE.
RaWrite 1.2—Write the disk file to a raw floppy disk.
Step 3
Enter source filename: NPPIX.BIN.
Step 4
Enter destination drive A.
Step 5
Insert a formatted disk into drive A, and press Enter.
The Rawrite program then writes the password recovery image to disk.
Step 6
Boot your PIX with that disk, which will clear the old password.
Downloading a PIX 515 Image over TFTP
Because the PIX 515 does not have a floppy drive, the only method of password recovery available is by
downloading a recovery program from a TFTP server. The TFTP capabilities directly take the place of
the floppy loader, so all previous functions that were handled with a floppy will be handled with TFTP.
Please note the following:
- TFTP on the PIX requires that you reboot the PIX.
- When you enter the ROM monitor, the PIX application will not be running, so no traffic will pass in your network while this operation is being performed.
- The TFTP server should be on the most secure part of the network (preferably on the inside).
- Using TFTP to copy a new image or password recovery will require your network to be offline until this activity is complete.
- Once the system is rebooted, the addresses used during the TFTP process do not remain in the configuration or memory.
The PIX 515 receives its boot image either from Flash memory or by downloading the image from a
TFTP server.
This section describes the monitor command, which you will invoke while the PIX 515 is booting by
sending a Break character or pressing the Escape key.
Because the PIX 515 does not have a disk drive, you need to send a binary image to the PIX 515 using
TFTP.
The PIX 515 has a special mode called monitor mode that lets you retrieve the binary image over the
network. When you power on or reboot the PIX 515, it waits 10 seconds, during which you can send a
break character or press the Escape key to activate monitor mode.
If you do not want to enter the boot mode, press the Spacebar to start the normal boot immediately, or
wait until the 10 seconds have finished, and the PIX 515 will boot normally.
While in monitor mode, you can enter commands that let you specify the location of the binary image,
download it, and reboot the PIX 515 from the new image. If you do not activate monitor mode, the PIX
515 boots normally from Flash memory.
Monitor mode also lets you ping the TFTP server to see if it is online and to specify the IP address of
the nearest router if the image is not on a subnet shared with a PIX 515 interface.
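A pre-flight check for the notes above, added here as an example and not taken from the original text or from Cisco: it decides which PIX interface shares a subnet with the TFTP server, whether a gateway must be given in monitor mode, and whether the staged image matches a digest obtained out of band (TFTP itself provides no authentication or integrity check). The interface names and addresses, the preflight function and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample data (not from the page): interfaces of a hypothetical
# PIX 515, recorded by the operator before the reboot into monitor mode.
PIX_INTERFACES = {
    "outside": ipaddress.ip_interface("192.0.2.1/24"),
    "inside": ipaddress.ip_interface("10.1.1.1/24"),
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def preflight(server_ip, gateway_ip, image_bytes, expected_sha256,
              interfaces=PIX_INTERFACES):
    """Return (plan, problems) for a monitor-mode TFTP download."""
    server = ipaddress.ip_address(server_ip)
    plan = {"interface": None, "gateway": None}
    problems = []
    # Compare the staged image with a digest obtained out of band, because
    # the TFTP transfer cannot prove what it delivered.
    if sha256_hex(image_bytes) != expected_sha256.lower():
        problems.append("image digest mismatch")
    # Prefer an interface that shares a subnet with the TFTP server.
    for name, iface in interfaces.items():
        if server in iface.network:
            plan["interface"] = name
            break
    if plan["interface"] is None:
        # Server is off-subnet: monitor mode needs the nearest router.
        if gateway_ip is None:
            problems.append("server off-subnet and no gateway given")
        else:
            gw = ipaddress.ip_address(gateway_ip)
            for name, iface in interfaces.items():
                if gw in iface.network:
                    plan["interface"], plan["gateway"] = name, str(gw)
                    break
            else:
                problems.append("gateway not on any PIX subnet")
    # The page recommends keeping the TFTP server on the inside.
    if plan["interface"] not in (None, "inside"):
        problems.append("TFTP path is not via the inside interface")
    return plan, problems
```

An empty problems list means the recorded addresses are consistent with the notes above; any entry is something to resolve before taking the network offline for the reboot.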