If you forget your enable password, the PIX firewall requires you to upload a special file to flash. This file nullifies the current password without erasing your configuration. The process is virtually identical to loading a new image using the monitor> prompt and a TFTP server. You can download the password file that matches the version of your OS image at www.cisco.com/warp/public/110/34.shtml.
The password file for the 6.2 release, for instance, is np62.bin. This utility resets the enable and Telnet passwords to their default setting, which is cisco for both of them.
Listing 4.13 shows the steps for uploading a password recovery file.
Listing 4.13 Password Recovery Example
monitor> interface 1
monitor> address 192.168.1.1
address 192.168.1.1
monitor> server 192.168.1.11
server 192.168.1.11
monitor> file np62.bin
file np62.bin
monitor> tftp
tftp np62.bin@192.168.1.11...........................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002
Flash=E28F640J3 @ 0x3000000
BIOS Flash=E28F640J3 @ 0xD8000
Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
enable password ZFatiF0MarNtVoTD encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
Do you want to remove the commands listed above from the configuration? [yn] y