Install and Use a Windows TFTP Server

Windows TFTP KB ID 0000063 

Problem

Note: If you are using a Mac, then see the following link: Mac OS X TFTP Software

There are many free TFTP applications; my personal favourite is 3CDaemon, as it also has a built-in syslog server and an FTP server. Here's how to install it on your computer.

There are a number of places you can download 3CDaemon, or just CLICK HERE

Deploy a Windows TFTP Server

Download the files and extract them to your PC, then run the setup.exe file > At the Welcome screen > Next.

At the license screen > Yes.

Either accept the default location or choose your own > Next.

5. Leave it on the default > Next.

When it's done > OK.

Launch the application.

9. Ensure the “TFTP Server” section is selected > Click the “Pen knife” Icon labelled “Configure TFTP Server”.

10. Change the Upload / Download directory to something you will find easily (I usually create a “TFTP Root” folder on the C: drive).

Related Articles, References, Credits, or External Links

Backup and Restore a Cisco Firewall with TFTP

FortiGate TFTP : Backup To & Restore From

Backup and Restore Cisco IOS (Switches and Routers)

Backup and Restore a Cisco Firewall

CentOS – Install and Configure a TFTP Server

Deploy Dual Virtual ASA Firewalls In Active/Standby Failover

KB ID 0000053

Problem

Now that you have created your Virtual ASA platform, you want to deploy two of them in a failover configuration.

Solution

Notes:

Software To Download

Qemu with ASA

Dynamips

WinPcap

Sample Batch File

[box]
@echo off
ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console
ECHO -------------------------------------------------------
ECHO * * * * * * *DO NOT CLOSE THIS WINDOWS* * * * * * * *
qemupcap -L . -hda FLASH1 -hdachs 980,16,32 -kernel vmlinuz -initrd asa-nolina.gz -m 256 --no-kqemu ^
 -append "auto nousb ide1=noprobe bigphysarea=16384 console=ttyS0,9600n8 hda=980,16,32" ^
 -net nic,vlan=0,model=pcnet,macaddr=00:aa:00:00:01:01 ^
 -net pcap,vlan=0,ifname=\Device\NPF_{120662E6-8B8B-4A6D-A0B1-9159DBD283BA} ^
 -net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:01:02 ^
 -net pcap,vlan=1,ifname=\Device\NPF_{BF1F38D4-5D13-4DA2-B50B-17B1F35B1FA8} ^
 -net nic,vlan=2,model=pcnet,macaddr=00:aa:00:00:02:02 ^
 -net pcap,vlan=2,ifname=\Device\NPF_{2AA77C53-B558-4E7C-A377-E92BF9FAF1BB} ^
 -serial telnet::1234,server,nowait
[/box]

MAKE SURE ALL THE MAC ADDRESSES AND Network IDs are unique!
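The uniqueness rule above can be checked before launching the two instances. This is an added example, not part of the original article: `parse_net_args` and `find_duplicates` are hypothetical helper names, the GUIDs in the sample are constructed placeholders, and treating "Network IDs" as the pcap `ifname` values is an assumption.

```python
import re
from collections import defaultdict

# Matches "-net nic,<opts>" and "-net pcap,<opts>" arguments on a qemupcap line.
NET_RE = re.compile(r"-net\s+(nic|pcap),(\S+)")

def parse_net_args(cmdline):
    """Return (macs, ifnames) declared on one qemupcap command line."""
    macs, ifnames = [], []
    for kind, opts in NET_RE.findall(cmdline):
        kv = dict(o.split("=", 1) for o in opts.split(",") if "=" in o)
        if kind == "nic" and "macaddr" in kv:
            macs.append(kv["macaddr"].lower())
        elif kind == "pcap" and "ifname" in kv:
            ifnames.append(kv["ifname"].lower())
    return macs, ifnames

def find_duplicates(launchers):
    """launchers: {name: command line}. Return (kind, value, users) per reused value."""
    seen = defaultdict(list)
    for name, cmdline in launchers.items():
        macs, ifnames = parse_net_args(cmdline)
        for mac in macs:
            seen[("macaddr", mac)].append(name)
        for ifname in ifnames:
            seen[("ifname", ifname)].append(name)
    return sorted((k, v, users) for (k, v), users in seen.items() if len(users) > 1)

# Constructed sample input: two launcher lines with placeholder interface GUIDs.
# ASA2 was cloned from ASA1 and its first MAC address was left unchanged.
ASA1 = (
    r"qemupcap -L . -hda FLASH1 "
    r"-net nic,vlan=0,model=pcnet,macaddr=00:aa:00:00:01:01 "
    r"-net pcap,vlan=0,ifname=\Device\NPF_{AAAAAAAA-0000-0000-0000-000000000001} "
    r"-net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:01:02 "
    r"-net pcap,vlan=1,ifname=\Device\NPF_{AAAAAAAA-0000-0000-0000-000000000002} "
    r"-serial telnet::1234,server,nowait")
ASA2 = (
    r"qemupcap -L . -hda FLASH2 "
    r"-net nic,vlan=0,model=pcnet,macaddr=00:AA:00:00:01:01 "
    r"-net pcap,vlan=0,ifname=\Device\NPF_{AAAAAAAA-0000-0000-0000-000000000003} "
    r"-net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:02:02 "
    r"-net pcap,vlan=1,ifname=\Device\NPF_{AAAAAAAA-0000-0000-0000-000000000004} "
    r"-serial telnet::1235,server,nowait")

if __name__ == "__main__":
    for kind, value, users in find_duplicates({"ASA1": ASA1, "ASA2": ASA2}):
        print(f"DUPLICATE {kind} {value} used by {', '.join(users)}")
```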

Commands to enter at Telnet

[box]
modprobe e100
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
cd /mnt/disk0
./lina_monitor
[/box]

Command to save config

[box]copy run disk0:/.private/startup-config[/box]

Related Articles, References, Credits, or External Links

NA

Cisco PIX (500 Series) Password Recovery / Reset

KB ID 0000064 

Problem

If you are locked out of your PIX firewall, you will need to do some password recovery. This procedure will reset the enable password and remove any AAA username and password settings on the PIX.

Note: If you have a PIX 520 (This has a floppy drive, and the process is different) CLICK HERE

Solution

Before You Start !

1. You need to know the software version that is running on the PIX, e.g. 6.3(5) or 7.0(1).

2. You need a TFTP server set up and running CLICK HERE for instructions.

3. You need to be connected to the PIX via its console cable CLICK HERE for instructions.

4. You need to download the “PIX Password Lockout Utility” that’s appropriate for your PIX, i.e. if you're running 6.3(5) download np63.bin, or for version 7.0(1) download np70.bin etc. You can get them HERE. Put the file in the root directory of your TFTP server.

Procedure

1. Connect to the firewall via console cable, then power cycle the firewall. As the firewall reboots, press BREAK or ESC to interrupt the boot sequence and get to the monitor prompt.

[box]

monitor> 

[/box]

2. Now the firewall has no config loaded, so you need to tell it everything it needs to know. First, set up the inside interface so you can load in the password reset utility. Use the interface command (on PIXs with only two interfaces it will default to the inside interface).

[box]

monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10) 

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0012.daf1.5185
monitor>

[/box]

3. You need to tell it what its inside IP address is, use the address command.

[box]

monitor> address 192.168.1.1
address 192.168.1.1 

[/box]

4. Now you need to give it the IP address of the TFTP server you set up earlier, use the server command.

[box]

monitor> server 192.168.1.2
server 192.168.1.2 

[/box]

5. The last thing the PIX needs is the name of the password unlock file; for this example I’ll use np63.bin. You will need to use the file command.

[box]

monitor> file np63.bin
file np63.bin

[/box]

6. To start the process, issue the tftp command.

[box]

monitor> tftp
tftp np63.bin@192.168.1.2.......................................................
................................................................................
..............................................
Received 92160 bytes 

Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
Flash=E28F640J3 @ 0x3000000
BIOS Flash=E28F640J3 @ 0xD8000

[/box]

7. Confirm by pressing y then {enter}.

[box]

Do you wish to erase the passwords? [yn] y

[/box]

8. Confirm by pressing y then {enter} again.

[box]

Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.

Rebooting..

[/box]

9. The Firewall will reboot and the passwords will be blanked.

[box]

Type help or '?' for a list of available commands.
Firewall> en
Password:
firewall#

[/box]

Related Articles, References, Credits, or External Links

Factory Reset a Cisco Firewall

Cisco Catalyst Password Recovery / Reset

Cisco ASA – Password Recovery / Reset

Cisco Router – Password Recovery /Bypass