How do I reset the password on a Cisco PIX 501 Firewall?

by Feb 08, 2009

First you need to set up a TFTP server. I recommend this free TFTP server from SolarWinds.

Next you need to download the appropriate password reset binary file from Cisco.

Choose the binary file that matches the PIX software version you are running, NOT the BIOS version.

Now you need to connect a console cable to the PIX Firewall and use a terminal emulation program like PuTTY to access the console.

When you boot the Cisco PIX 501 you will see the loading process in the terminal program. You have a short amount of time before it begins loading the OS. Press Escape on your keyboard during that window so it bypasses normal boot mode. You will know you did it right because the prompt will say “Monitor”.

Now type the following commands, completing each one by pressing Enter:

1) address x.x.x.x
(where x.x.x.x is the IP address to assign to the primary interface. It needs to be on the same subnet as your TFTP server or you will need to assign an appropriate gateway in a later step.)

2) server x.x.x.x
(where x.x.x.x is the IP address that your TFTP server is listening on)

3) file filename
(where filename is the name of the file you downloaded from Cisco. Be sure it’s in the TFTP server root directory. For the SolarWinds TFTP app you can set this under the File menu, then Configure.)

4) ping x.x.x.x
(where x.x.x.x is the IP of your TFTP server. This tells you whether the Cisco can see the TFTP server. If it fails, do not continue; you will have to fix your network issue first.)

5) gateway x.x.x.x
(where x.x.x.x is the IP of your router or gateway. This is only needed if your TFTP server is on a different subnet)

6) tftp

You should see the file upload, and then you should get the message “Do you wish to erase the passwords? [yn]”.
Press y and it should erase your password.