SRP527W SSH user/password?

Unanswered Question
Sep 17th, 2010
User Badges:

Hi all, im having trouble setting up site to site vpn from my 527w to my 877 series and thought it would be much easier to see whats going on the 527 if i could see command line

so ive ssh'd to the 527s ip address but none of the usernames/password combos work that let me in the web gui, what are the logins? does anybody know?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
riroe Mon, 09/20/2010 - 02:00
User Badges:

To access the WEB GUI of this device there are 2 different logins

that you can use. You can use cisco, cisco as the username and password or

admin,admin as the username and password. I would reccommend logging in as admin,admin. You

will see more available options under admin.


AWilloughby Mon, 09/20/2010 - 02:13
User Badges:

hi yeah, i found those accounts and have logged in with those, but when i ssh to the ip address of the router i get login prompt but neither credentials work, and i cant find any ssh access info in the web gui logged in as an admin

is ssh enabled but no account can use it?

jowan.mcruz Tue, 05/10/2011 - 21:44
User Badges:

Hi, were u able to get resolution/answer for this, I'm experiencing the same thing.

Andrew Hickman Wed, 05/11/2011 - 08:15
User Badges:
  • Cisco Employee,

Hi All,

The SSH interface is protected by a device  specific password that may only be accessed by Cisco engineering staff.   There is no command line interface hidden behind this password, so would  be of limited use to most users.

That said, you might find the following useful in setting up a VPN between the SRP and IOS device:

Consider the following network:

This is the IOS configuration:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key SECRET-KEY address



crypto ipsec transform-set SETNAME esp-3des esp-sha-hmac


crypto map CISCO 1 ipsec-isakmp

set peer

set transform-set SETNAME

set pfs group2

match address 110


interface FastEthernet4

ip address

crypto map CISCO


interface Vlan1

ip address


access-list 110 permit


The SRP IKE Policy is as follows:

...and the SRP500 IPSec policy is:

If both IP addresses are directly reachable, NAT-T is not  required:

VPN connection status and control is available from the SRP status page:

jowan.mcruz Wed, 05/11/2011 - 21:26
User Badges:

Thanks for that Andrew, will keep that for reference.

Though the reason I wanted SSH access was to test Port Mirroring bases from this post:

monitor session 1 source interface FaX/X

monitor session 1 destination interface FaX/X

I can't find seem to find to do this via the WEB GUI.

Andrew Hickman Wed, 05/11/2011 - 21:37
User Badges:
  • Cisco Employee,

Ah - Those are commands for an IOS router.  The SRP500 is a Linux based device and does not have this functionality.


jowan.mcruz Wed, 05/11/2011 - 21:40
User Badges:

Oh ok, I didnt see port mirroring as feature in the datasheet, though when I saw that post, I thought its possible.


elryan234 Tue, 07/26/2011 - 21:58
User Badges:

Thanks for those details!

So, that means no RSA certificates for authentication on these devices then...?

-- Lee

Andrew Hickman Wed, 07/27/2011 - 00:47
User Badges:
  • Cisco Employee,

Hi Lee,

That's correct.  No certificates for IPSec, just shared secret.



This Discussion