Password Recovery


If you forget your enable password, the PIX firewall requires you to upload a file to the flash. This special file nullifies the current password without erasing your configuration. The process is virtually identical to loading a new image using the monitor> prompt and a TFTP server. You can download the password file for your specific OS image version at www.cisco.com/warp/public/110/34.shtml.

The password file for the 6.2 release, for instance, is np62.bin. This utility resets the enable and Telnet passwords to their default setting, which is cisco for both of them.

Listing 4.13 shows the steps for uploading a password recovery file.

Listing 4.13 Password Recovery Example
    monitor> interface 1
    monitor> address 192.168.1.1
    address 192.168.1.1
    monitor> server 192.168.1.11
    server 192.168.1.11
    monitor> file np62.bin
    file np62.bin
    monitor> tftp
    tftp np62.bin@192.168.1.11...........................
    Received 73728 bytes
    Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002
    Flash=E28F640J3 @ 0x3000000
    BIOS Flash=E28F640J3 @ 0xD8000
    Do you wish to erase the passwords? [yn] y
    The following lines will be removed from the configuration:
        enable password ZFatiF0MarNtVoTD encrypted
        passwd 2KFQnbNIdI.2KYOU encrypted
    Do you want to remove the commands listed above from the configuration? [yn] y

Password recovery on older PIX firewalls such as the PIX 510 and 520 is done using a floppy disk: A password lockout utility is loaded from a floppy, and the PIX firewall is rebooted.
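
Because recovery leaves both passwords at the default, a saved configuration can be checked afterward for password lines that are missing or still encode cisco. The check below is an added example, not from the book or from Cisco; it assumes the legacy PIX "encrypted" format (MD5 of the password null-padded to 16 bytes, written in a 64-character alphabet), and its function names and sample configurations are constructed for illustration.

```python
import hashlib
import re

H64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def pix_hash(password: str) -> str:
    """Legacy PIX 'encrypted' form of a password (assumed scheme, see lead-in)."""
    digest = hashlib.md5(password.encode()[:16].ljust(16, b"\0")).digest()
    chars = []
    for i in range(0, 16, 4):
        # First three bytes of each 4-byte group, read little-endian,
        # emitted as four 6-bit characters, low bits first.
        v = digest[i] | digest[i + 1] << 8 | digest[i + 2] << 16
        chars.extend(H64[(v >> shift) & 0x3F] for shift in (0, 6, 12, 18))
    return "".join(chars)

# The page names cisco as the default for both passwords.
DEFAULT_HASH = pix_hash("cisco")
LINE = re.compile(
    r"^[ \t]*(enable password|passwd)[ \t]+(\S+)[ \t]+encrypted[ \t]*$", re.M)

def audit(config: str) -> dict:
    """Map each password command to 'missing', 'default' or 'set'."""
    found = dict(LINE.findall(config))
    status = {}
    for cmd in ("enable password", "passwd"):
        if cmd not in found:
            status[cmd] = "missing"      # line removed: default applies
        elif found[cmd] == DEFAULT_HASH:
            status[cmd] = "default"      # line present but encodes cisco
        else:
            status[cmd] = "set"
    return status

# Constructed samples: the two password lines shown in Listing 4.13 under a
# made-up hostname, and the same config after the tool has removed them.
LISTING_LINES = """\
hostname pixfirewall
enable password ZFatiF0MarNtVoTD encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
"""
AFTER_RECOVERY = "hostname pixfirewall\n"

if __name__ == "__main__":
    for name, cfg in (("listing", LISTING_LINES), ("after recovery", AFTER_RECOVERY)):
        print(name, audit(cfg))
```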




CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218
