SRP527W SSH user/password?

Unanswered Question
Sep 17th, 2010
User Badges:

Hi all, im having trouble setting up site to site vpn from my 527w to my 877 series and thought it would be much easier to see whats going on the 527 if i could see command line


so ive ssh'd to the 527s ip address but none of the usernames/password combos work that let me in the web gui, what are the logins? does anybody know?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
riroe Mon, 09/20/2010 - 02:00
User Badges:

To access the WEB GUI of this device there are 2 different logins

that you can use. You can use cisco, cisco as the username and password or

admin,admin as the username and password. I would reccommend logging in as admin,admin. You

will see more available options under admin.


THANKS

AWilloughby Mon, 09/20/2010 - 02:13
User Badges:

hi yeah, i found those accounts and have logged in with those, but when i ssh to the ip address of the router i get login prompt but neither credentials work, and i cant find any ssh access info in the web gui logged in as an admin


is ssh enabled but no account can use it?

jowan.mcruz Tue, 05/10/2011 - 21:44
User Badges:

Hi, were u able to get resolution/answer for this, I'm experiencing the same thing.

Andrew Hickman Wed, 05/11/2011 - 08:15
User Badges:
  • Cisco Employee,

Hi All,


The SSH interface is protected by a device  specific password that may only be accessed by Cisco engineering staff.   There is no command line interface hidden behind this password, so would  be of limited use to most users.


That said, you might find the following useful in setting up a VPN between the SRP and IOS device:


Consider the following network:


This is the IOS configuration:



crypto isakmp policy 1


encr 3des


authentication pre-share


group 2


lifetime 28800


crypto isakmp key SECRET-KEY address 192.168.200.162


!


!


crypto ipsec transform-set SETNAME esp-3des esp-sha-hmac


!


crypto map CISCO 1 ipsec-isakmp


set peer 192.168.200.162


set transform-set SETNAME


set pfs group2


match address 110


!


interface FastEthernet4


ip address 192.168.200.146


crypto map CISCO


!


interface Vlan1


ip address 192.168.9.1 255.255.255.0


!

access-list 110 permit

ip 192.168.9.0 0.0.0.255 192.168.15.0 0.0.0.255


The SRP IKE Policy is as follows:


...and the SRP500 IPSec policy is:



If both IP addresses are directly reachable, NAT-T is not  required:


VPN connection status and control is available from the SRP status page:


jowan.mcruz Wed, 05/11/2011 - 21:26
User Badges:

Thanks for that Andrew, will keep that for reference.


Though the reason I wanted SSH access was to test Port Mirroring bases from this post:
https://supportforums.cisco.com/thread/2075293


monitor session 1 source interface FaX/X

monitor session 1 destination interface FaX/X


I can't find seem to find to do this via the WEB GUI.
Thanks.

Andrew Hickman Wed, 05/11/2011 - 21:37
User Badges:
  • Cisco Employee,

Ah - Those are commands for an IOS router.  The SRP500 is a Linux based device and does not have this functionality.


Andy

jowan.mcruz Wed, 05/11/2011 - 21:40
User Badges:

Oh ok, I didnt see port mirroring as feature in the datasheet, though when I saw that post, I thought its possible.

Thanks.

elryan234 Tue, 07/26/2011 - 21:58
User Badges:

Thanks for those details!


So, that means no RSA certificates for authentication on these devices then...?



-- Lee

Andrew Hickman Wed, 07/27/2011 - 00:47
User Badges:
  • Cisco Employee,

Hi Lee,


That's correct.  No certificates for IPSec, just shared secret.


Andy

Actions

This Discussion