发信人: zhonglong (zhonglong), 信区: Board
标  题: 【北京中龙】思科PIX防火墙密码恢复过程
发信站: 中国Cisco技术论坛 (Thu Jul 28 22:15:10 2005)


【北京中龙】思科PIX防火墙密码恢复过程

PIX Without a Floppy Drive
To recover your password, follow the steps below:
Note: Sample output from the password recovery procedure is available below.


1. Install a serial terminal or a PC with terminal emulation software on the P

IX console port.
Verify that you have a connection with the PIX, and that characters are going 

from the terminal to the
PIX, and from the PIX to the terminal.
Note: Because you are locked out, you will see only a password prompt.
2.
Immediately after you power on the PIX Firewall and the startup messages appea

r, send a BREAK
character or press the ESC key. The monitor> prompt is displayed. If needed, t

ype ? (question
mark) to list the available commands.
3.
Use the interface command to specify which interface the ping traffic should u

se. For floppiless
PIXes with only two interfaces, the monitor command defaults to the inside int

erface.
4.
5. Use the address command to specify the IP address of the PIX Firewall's int

erface.
Use the server command to specify the IP address of the remote TFTP server con

taining the PIX
password recovery file.
6.
Use the file command to specify the filename of the PIX password recovery file

. For example, the 5.1
release uses a file named np51.bin.
7.
If needed, enter the gateway command to specify the IP address of a router gat

eway through which
the server is accessible.
8.
If needed, use the ping command to verify accessibility. If this command fails

, fix access to the server
before continuing.
9.
10. Use the tftp command to start the download.
As the password recovery file loads, the following message is displayed:
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
Note: If there are Telnet or console aaa authentication commands in version 6.

2, the system will
also prompt to remove these.
11.
The default Telnet password after this process is "cisco." There is no default

 enable password. Go into
configuration mode and issue the passwd your_password command to change your T

elnet password
and the enable password your_enable_password command to create an enable passw

ord, and then
save your configuration.

Sample Output
The following example of floppiless PIX password recovery with the TFTP server

 on the outside interface is
taken from a lab environment.

monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor> address 10.21.1.99
address 10.21.1.99
monitor> server 172.18.125.3
server 172.18.125.3
monitor> file np52.bin
file np52.bin
monitor> gateway 10.21.1.1
gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100−byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 sec

onds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000


Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
Rebooting....

防火墙密码恢复所需文件可以联系北京中龙免费获取

北京中龙公司－二手思科/华为设备专卖/出租/回收
北京市海淀区知春路17号
010－82318844，82318484,13051392550
QQ-157703107
MSN: cn-dragon@hotmail.com
http://bbs.ccxx.net
--

--

※ 来源:．中国Cisco技术论坛 bbs.ccxx.net [FROM: 221.221.24.105]