- Cisco Network Router User's Manual

ManualsBrandsCisco Systems ManualsNetwork RouterIPS4520K9

311

312

313

314

315

316

317

318

319

320

E-7

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

OL-24002-01

Appendix E Troubleshooting

Recovering the Password

•

For the procedure for using a remote server to copy and restore the a configuration file, see Backing

Up and Restoring the Configuration File Using a Remote Server, page E-3.

•

For the procedure for adding hosts to the SSH known hosts list, refer to Adding Hosts to the SSH

Known Hosts Lists.

•

For the procedure for adding users and obtaining a list of the current users on the sensor, refer to

Configuring User Parameters.

Recovering the Password

For most IPS platforms, you can now recover the password on the sensor rather than using the service

account or reimaging the sensor. This section describes how to recover the password for the various IPS

platforms. It contains the following topics:

•

Understanding Password Recovery, page E-7

•

Recovering the Password for the Appliance, page E-8

•

Recovering the ASA 5500-X IPS SSP Password, page E-9

•

Recovering the ASA 5585-X IPS SSP Password, page E-11

•

Disabling Password Recovery, page E-13

•

Verifying the State of Password Recovery, page E-13

•

Troubleshooting Password Recovery, page E-14

Understanding Password Recovery

Note

Administrators may need to disable the password recovery feature for security reasons.

Password recovery implementations vary according to IPS platform requirements. Password recovery is

implemented only for the cisco administrative account and is enabled by default. The IPS administrator

can then recover user passwords for other accounts using the CLI. The cisco user password reverts to

cisco and must be changed after the next login.

Table E-1 lists the password recovery methods according to platform.

Table E-1 Password Recovery Methods According to Platform

Platform Description Recovery Method

4300 series sensors

4500 series sensors

Standalone IPS appliances GRUB prompt or ROMMON

ASA 5500-X IPS SSP

ASA 5585-X IPS SSP

ASA 5500 series adaptive

security appliance IPS modules

Adaptive security appliance CLI

command