Guest

Cisco VPN 3000 Series Concentrators

Password Recovery Procedure for the Cisco VPN 3000 Series

Document ID: 17107

Updated: Apr 21, 2005

   Print

Introduction

This document describes the password recovery procedure for these Cisco Virtual Private Network (VPN) products running version 2.5.1 or later:

  • Cisco VPN 3002

  • Cisco VPN 3005

  • Cisco VPN 3015

  • Cisco VPN 3030

  • Cisco VPN 3060

  • Cisco VPN 3080

Note: For VPN 3000 Series Concentrator, Federal Information Processing Standards Publication (FIPS) release 3.1.X, be aware that there is no way to recover your system if you forget the Administrator password. Take appropriate measures to safeguard your password. If you forget the Administrator password, you cannot log in to your system, and you have to return the VPN Concentrator to be recovered.

Note: If you log in with an Administrator account and you do not have permission to access it, you receive this message: "you do not have sufficient authorization to access the specified page." In order to resolve the issue, follow the password recovery procedure to restore the Administrator permissions.

Note: For concentrators running code version 2.5 or earlier, contact Cisco Technical Support for password recovery assistance.

Note: In order to retrieve the encrypted secret key between the Concentrator and the ACS Server, go to Administration > Access Rights > Access Settings; change the encryption (ex: RC4) to "no encryption" to get the key in plain text in the config file.

Prerequisites

Requirements

There are no specific requirements for this document.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Default Password

The factory default passwords for the Cisco VPN 3000 Series are:

  • username: admin

  • password: admin

Step-by-Step Procedure

Complete these steps in order to recover a password:

  1. Connect a PC to the VPN Concentrator with a straight-through RS-232 serial cable between the console port on the VPN Concentrator and the COM1 or serial port on the PC (Cisco supplies the cable with the system).

  2. Start a terminal emulator (HyperTerminal) on the PC. Configure a connection on COM1 with port settings of:

    • 9600 bits per second

    • 8 data bits

    • no parity

    • 1 stop bit

    • hardware flow control

    Set the emulator for VT100 emulation, or let the emulator auto-detect the emulation type.

  3. When the Concentrator boots, and after the power-up diagnostics check is complete, a line of three dots (...) appears on the console, a sample of which is shown here for reference. Press Ctrl-C within three seconds after you see these dots. This displays a menu that lets you reset the system passwords to the defaults.

    Boot-ROM Initializing... 
    Boot configured 128Mb of RAM. 
    ... 
     
    Loading image .......... 
    Verifying image checksum ........... 
    Active image loaded and verified... 
    Starting loaded image... 
    Starting power-up diagnostics... 
    
    ...
    
    !--- At this second set of three dots, press Ctrl-C.
    !--- On version 4.0.X and earlier returns with this information:
     
    
     
    Main Menu Options 
    ----------------- 
    1 - Reset Passwords 
    Q - Quit Main Menu
    
    !--- Newer version 4.1 and later returns with this information:
    
    
    Main Menu Options
    -----------------
    1 - Reset Administrator Accounts
    Q - Quit Main Menu

Related Information

Updated: Apr 21, 2005
Document ID: 17107