Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Appendix B Troubleshooting
Performing Password Recovery
You can log in with the default login password of “cisco” and the blank enable password.
The following example shows password recovery on a PIX 500 series security appliance with the TFTP
server on the outside interface:
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor> address 10.21.1.99
address 10.21.1.99
monitor> server 172.18.125.3
server 172.18.125.3
monitor> file np70.bin
file np52.bin
monitor> gateway 10.21.1.1
gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1
Received 73728 bytes
Cisco PIX password tool (4.0) #0: Tue Aug 22 23:22:19 PDT 2005
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
Rebooting....
Disabling Password Recovery
You might want to disable password recovery to ensure that unauthorized users cannot use the password
recovery mechanism to compromise the security appliance. To disable password recovery, enter the
following command:
hostname(config)# no service password-recovery
On the ASA 5500 series adaptive security appliance, the no service password-recovery command
prevents a user from entering ROMMON mode with the configuration intact. When a user enters
ROMMON mode, the security appliance prompts the user to erase all Flash file systems. The user cannot
enter ROMMON mode without first performing this erasure. If a user chooses not to erase the Flash file
system, the security appliance reloads. Because password recovery depends on using ROMMON mode
and maintaining the existing configuration, this erasure prevents you from recovering a password.
However, disabling password recovery prevents unauthorized users from viewing the configuration or
inserting different passwords. In this case, to restore the system to an operating state, load a new image
and a backup configuration file, if available.
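An added example, not part of the Cisco guide: a first-pass audit of saved configuration files for units that still allow password recovery. The sample configurations are constructed, the function names are hypothetical, and treating a missing command as "recovery enabled" is an assumption; because the guide states that the command appears in the configuration file for information only and the setting is held in NVRAM, confirm each result at the device CLI.

```python
import re

# Matches "service password-recovery" with an optional leading "no".
_CMD = re.compile(r"^\s*(no\s+)?service\s+password-recovery\s*$", re.IGNORECASE)
_HOST = re.compile(r"^\s*hostname\s+(\S+)", re.IGNORECASE)


def audit_config(text):
    """Return (hostname, recovery_disabled, line_no) for one saved configuration.

    Assumption: when neither form of the command is present, password
    recovery is treated as enabled (this default is not stated on the page).
    """
    hostname, disabled, line_no = "(unknown)", False, None
    for n, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("!", ":")):  # skip comment lines
            continue
        m = _HOST.match(line)
        if m:
            hostname = m.group(1)
            continue
        m = _CMD.match(line)
        if m:  # the last occurrence in the file wins
            disabled, line_no = bool(m.group(1)), n
    return hostname, disabled, line_no


def audit_fleet(configs):
    """Map source name -> finding for every config that still allows recovery."""
    findings = {}
    for name, text in configs.items():
        host, disabled, line_no = audit_config(text)
        if not disabled:
            where = f"line {line_no}" if line_no else "command absent"
            findings[name] = f"{host}: password recovery enabled ({where})"
    return findings


# Constructed sample configurations (not taken from any real device).
SAMPLES = {
    "edge-fw.cfg": "hostname edge-fw\n! perimeter unit\nno service password-recovery\n",
    "lab-fw.cfg": "hostname lab-fw\nservice password-recovery\n",
    "branch-fw.cfg": "hostname branch-fw\ninterface Ethernet0/0\n nameif outside\n",
    "dmz-fw.cfg": "hostname dmz-fw\n! no service password-recovery\n",
}

if __name__ == "__main__":
    for src, finding in sorted(audit_fleet(SAMPLES).items()):
        print(f"{src}: {finding}")
```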
The service password-recovery command appears in the configuration file for information only. When
you enter the command at the CLI prompt, the setting is saved in NVRAM. The only way to change the
setting is to enter the command at the CLI prompt. Loading a new configuration with a different version