Well, after playing with PIX firewall simulator for a while to get used to all command in different shells. Thus, it's time to set on the real one. What I have is PIX 501; I bought off of craiglist.org only $70.  First thing we have to know is removing old password and restoring or clearing factory configuration.

Well, what is a requirement in order to remove the password is:-Cisco PIX Firewall - # show version

  • PIX itself for sure
  • Console cable
  • PIX Password Lockout Utility - this is depending on PIX software you are running--beware of BIOS version which is not the same thing, you can see when you try to login to PIX shell as figure on the right. (But surely you couldn't get in because of unknown password)
  • TFTP server
  • HyperTerminal in Win XP or PuTTy application for accessing PIX
  • Time!! It's actually taking < 10min for whole process.

For TFTP server, I recommend you this, http://sourceforge.net/projects/tftp-server/, easy to use, freeware and open-source, what else can you ask for. For setting up you, just have to go through installation wizard.

TFTP server statusThen, you have to edit a bit in configuration file.

[HOME]
c:\myHome
[TFTP-OPTIONS]
Read=Y

Afterward, putting PIX Password Lockout Utility in home directory of TFTP server and restart the service or start stand-alone command in the menu to be able to see server status while doing all this.

So far, we have TFTP server ready. Now we need to access PIX by connecting console cable and ethernet0 interface to gateway or router which TFTP server connected to.

Network Diagram
Fig 1. Network Diagram

Once you set all this up, get yourself into terminal/PuTTY. Then you have to interrupt boot process for monitor shell by pressing BREAK or ESC.

Cisco Secure PIX Firewall BI0S (4.2) #6: Mon Aug 27 15:09:54 PDT 2001
Platforn PIX-501
Flash=E28F660J3 @ Ox3000000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:17 irq:9
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 000d.2370.40ac Use ? for help.

monitor>

What you have to do is setting IP address of PIX, gateway, and TFTP server, and Password Lockout Firewall filename.

monitor> interface 0
0: i8255X @ PCI(bus:0 dev:17 irq:9
1: i8255X @ PCI(bus:0 dev:18 irq:10)
Using 0: i82557 @ PCI(bus:0 dev:17 irq:9 ), MAC: 000d.2870.L0ab
monitor> address 192.168.10.99
address 192.168.10.99
monitor> server 192.168.10.128
server 192.168.10.128
monitor> file np63.bin
file np63.bin
monitor> gateway 192.168.10.10
gateway 192.168.10.10
monitor> ping 192.168.10.128
Sending 5, 100-byte 0x7206 ICMP Echoes to 192.168.10.128, timeout is 5 seconds:

Success rate is 0 percent (0/5)
monitor> ping 192.168.10.128
Sending 5, 100-byte 0x7205 ICMP Echoes to 192.168.10.128, timeout is 5 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp np63.bin@192.168.1O.128 via 192.168.1O.1O<6><3><3>.<11><11><11> ........................................
...............................................
Received 92160 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
Flash=E28F640J3 @ 0x3000000
BIOS F1ash=E28F66OJ3 @ 0xD8000

Do you wish to erase the passwords? [yn]

There you go, your PIX will be accessible afterward. However, this will not erase any configuration in the PIX. You have 2 choices of doing it though:-

1. pixfirewall(config)# configure factory-default
2. pixfirewall(config)# clear configure all

What difference between these 2 commands are the first one will restore back factory default value which enables DHCP server for inside and get IP address by DHCP for outside, but the latter is clear everything, so you have to use console to start configuring from the beginning.

By the way, if you read up to here, you, might be like me, are starting to understand all PIX commands and configurations. Then 'clear configure all' is the way to go. Next time, we will go through how to set this up in existing network. Stay tuned.