Re: restore factory defaults
- From: "BradReese.Com® - Leverage Your Cisco Network" <Reese@xxxxxxxxxxxxx>
- Date: 11 Jun 2006 08:15:33 -0700
Hi Johan,
To reset the PIX Firewall to factory default, log into the PIX, erase
the configuration and reload the device.
Perform these 3 steps:
Step 1. Log in to the PIX Firewall.
This requires knowledge of the current passwords configured on the PIX
Firewall.
If you do not know the passwords configured on the PIX Firewall,
perform a password recovery procedure.
Password Recovery and AAA Configuration Recovery Procedure for the PIX
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
Step 2. Once you have recovered the password, log in to the device,
enter global configuration mode and issue one of these commands:
clear config all
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd87a.html#wp1952671
write erase
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd7f7.html#wp1284289
Step 3. Reload the PIX Firewall.
The PIX Firewall should reset to factory default.
---------------------------------------------------------------------
Sometimes it is necessary to clear an existing configuration on a PIX
to either move it to a new location for a different use or to make it
perform properly.
In either case, it is important to understand the command necessary to
do this and the impact that it has on performance.
Before you begin this process on an active network, save the existing
configuration on your PIX to a TFTP server.
This allows you to retrieve the configuration file if needed.
When the write erase command
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fd7f7.html#wp1284289
is issued to the PIX, the existing configuration that is saved to
memory, NVRAM, is deleted.
However, until the PIX is reloaded, it continues to perform using that
configuration.
Once the PIX is reloaded, the configuration returns to this set of
default commands:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
no pager
interface ethernet0 10full
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 127.0.0.1 255.255.255.255
ip address inside 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Only the password commands remain.
This allows you continued access into the device.
If the passwords are unknown, a password recovery is necessary.
Use the PIX Password Utility to reset the password in the
configuration.
For details and step-by-step instructions, refer to:
Password Recovery and AAA Configuration Recovery Procedure for the PIX
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
At this point, a specific configuration can be made.
Hope this helps.
Brad Reese
BradReese.Com - Cisco Network Engineer Directory
http://www.bradreese.com/network-engineer-directory.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
Website: http://www.bradreese.com/contact-us.htm
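
Added example, not part of the original post and not Cisco tooling: a check to run on a saved configuration once the PIX has been rebuilt, flagging security-relevant lines that still match the factory defaults listed in the post. The rule names, the `audit` function and the sample configuration are assumptions made here.

```python
import re

# Factory-default values copied from the default configuration listed in the post.
DEFAULT_HASHES = {"8Ry2YjIyt7RRXU24", "2KFQnbNIdI.2KYOU"}

# (rule name, line pattern, predicate deciding whether the match is a default)
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("default-password",
     re.compile(r"^(?:enable password|passwd) (\S+) encrypted$"),
     lambda m: m.group(1) in DEFAULT_HASHES),
    ("default-snmp-community",
     re.compile(r"^snmp-server community (\S+)$"),
     lambda m: m.group(1) == "public"),
    ("default-hostname",
     re.compile(r"^hostname (\S+)$"),
     lambda m: m.group(1) == "pixfirewall"),
    ("default-interface-address",
     re.compile(r"^ip address (\S+) (\S+) (\S+)$"),
     lambda m: m.group(2) == "127.0.0.1"),
]

def audit(config_text):
    """Return (line_number, rule_name, line) for each factory-default leftover."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise spacing before matching
        for name, pattern, is_default in RULES:
            m = pattern.match(line)
            if m and is_default(m):
                findings.append((n, name, line))
    return findings

# Constructed sample: a partly reconfigured PIX (not taken from a real device).
SAMPLE = """\
hostname edge-pix
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd Xq7CONSTRUCTEDhash encrypted
ip address outside 192.0.2.1 255.255.255.0
ip address inside 127.0.0.1 255.255.255.255
snmp-server community public
"""

if __name__ == "__main__":
    for n, name, line in audit(SAMPLE):
        print(f"line {n}: {name}: {line}")
```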
- References:
- restore factory defaults
- From: Johan
- restore factory defaults