If I am out of line with my post, please point me in right direction.
I inherited at my job a network with a PIX 506e connected to a cisco 800 series off a nettopia dsl device.
I need to get in to the pix 506e to setup and change the vpn settings. the password has to be reset. i have a serial emulator talking to the 506e and I can get to the monitor> prompt. but when i point to my tftp server for the np63.bin file, it times outs. my gateway is showing 192.168.100.1. so i am assuming that is the pix 506e. since that is the only ip address that appears likely to be the 506e. i am apparently wrong since i cannot ping the tftp server (192.168.100.54) from the monitor> prompt.
Welcome to Firewall.cx rcpr
You might not be wrong; logic does suggest that the gateway address will be that of the PIX. Perhaps the reason you can't get to the TFTP server is that the PIX configuration isn't permitting it. SInce you inherited the thing you don't know for sure how, or from where, the previous admin used to configure it. I don't know much about the PIX, however, so at this point I'll shut up and let someone else tell us how to get into it
Re: ip address of pix 506e?
12 years 3 months ago #14517
Can you post the commands and output from the monitor prompt?
The config is never read when you go into monitor mode, so the pix has no IP information at that point.
You need to tell it which interface the tftp server is connected to, then give that interface an address, then tell it the server address.
the ping command is available to test connectivity before trying to tftp the file. The tftp server is also going to need to be on the same subnet as the interface you specify. It will work if its not, but it makes life easier. I recommend downloading a free tftp server to your workstation/laptop, then plug that system directly into the inside port and go from there. Since you are in monitor mode, you can unplug the outside since no traffic is passing through anyway.
My next opportunity for downtime will be this weekend
12 years 3 months ago #14520
My laptop doesn't have a serial port, but our dhcp server does. so i was using it for the tftp server and it's serial (com1). i just noticed that in my earlier post i said the tftp server was 192.168.100.54. that was incorrect - sorry. i should of typed 192.168.100.20.
i set the ADDRESS to 192.168.100.1 (pix)
i set the server to 192.168.100.20 (tftp) (solarwinds)
i didn't set the gateway.
I will take snapshots of all the responses and post.
Re: ip address of pix 506e?
12 years 3 months ago #14524
I would set the gateway to the same address as the tftp server.
Even though its a connected subnet, it may not behave correctly without a route.
Also check for a firewall on the TFTP Server and make sure tftp is allowed through.
For serial, you can get a usb-serial converter. I use one on my Thinkpad and works pretty well... why they include a printer port but no serial port is beyond me... whoever came up with that idea should be fired or shot or both.
i tried again this weekend... still no success.
12 years 3 months ago #14636