Password Recovery
If you ever find yourself in the unfortunate circumstance of having forgotten or lost the
console and Telnet password to your Cisco PIX Firewall or ASA Security Appliance, do not
panic. Like most Cisco products, Cisco Security Appliance devices have a procedure to
recover lost passwords. Unlike the Cisco router password recovery process, which entails
changing the configuration register number, PIX Firewall uses a different method. PIX
Firewall uses a password lockout utility to regain access to the locked-out device. The
password lockout utility is based on the PIX Firewall software release you are running. Table
4-6 shows the binary filename (that is included with the utility) and the corresponding PIX
Firewall OS on which it is used. These files can be downloaded from the Cisco website.
Example 4-4 Creating a Bootable Disk from Windows
C:\>rawrite
RaWrite 1.2 - Write disk file to raw floppy diskette
Enter source file name: bh61.bin
Enter destination drive: a:
Please insert a formatted diskette into drive A: and press -ENTER- :
Number of sectors per track for this disk is 18.
Writing image to drive A:. Press ^C to abort.
Track: 11 Head: 1 Sector: 16
Done.
C:\>
Table 4-6 PIX Firewall Password Lockout Utility Filenames
Filename PIX Firewall Software Version
nppix.bin 4.3 and earlier releases
np44.bin 4.4 release
continues
94 Chapter 4: System Management/Maintenance
When you boot the Cisco PIX Firewall with one of these binary files, the enable password is
erased and the Telnet password is reset to cisco.