5-6. Firewall Password Recovery

If the first-level (Telnet) and privileged user (enable) passwords on a functioning Cisco firewall are unknown or have been forgotten, it is possible to recover control of the device. Basically, a password recovery utility is downloaded to the firewall from a TFTP server. This procedure is very similar to upgrading the OS image from the PIX monitor prompt.

Recovering a PIX or ASA Password

Follow these steps to reload and erase the PIX passwords:

1. Make sure a TFTP server is available. The TFTP server should have a copy of the correct PIX Password Lockout Utility software. You can find this utility on Cisco.com at http://www.cisco.com/warp/customer/110/npXX.bin where XX is the PIX OS software release. For example, ...
