09-17-2010 07:11 AM
Hi all, im having trouble setting up site to site vpn from my 527w to my 877 series and thought it would be much easier to see whats going on the 527 if i could see command line
so ive ssh'd to the 527s ip address but none of the usernames/password combos work that let me in the web gui, what are the logins? does anybody know?
Thanks
09-20-2010 02:00 AM
To access the WEB GUI of this device there are 2 different logins
that you can use. You can use cisco, cisco as the username and password or
admin,admin as the username and password. I would reccommend logging in as admin,admin. You
will see more available options under admin.
THANKS
09-20-2010 02:13 AM
hi yeah, i found those accounts and have logged in with those, but when i ssh to the ip address of the router i get login prompt but neither credentials work, and i cant find any ssh access info in the web gui logged in as an admin
is ssh enabled but no account can use it?
05-10-2011 09:44 PM
Hi, were u able to get resolution/answer for this, I'm experiencing the same thing.
05-11-2011 08:15 AM
Hi All,
The SSH interface is protected by a device specific password that may only be accessed by Cisco engineering staff. There is no command line interface hidden behind this password, so would be of limited use to most users.
That said, you might find the following useful in setting up a VPN between the SRP and IOS device:
Consider the following network:
This is the IOS configuration:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key SECRET-KEY address 192.168.200.162
!
!
crypto ipsec transform-set SETNAME esp-3des esp-sha-hmac
!
crypto map CISCO 1 ipsec-isakmp
set peer 192.168.200.162
set transform-set SETNAME
set pfs group2
match address 110
!
interface FastEthernet4
ip address 192.168.200.146
crypto map CISCO
!
interface Vlan1
ip address 192.168.9.1 255.255.255.0
!
access-list 110 permit
ip 192.168.9.0 0.0.0.255 192.168.15.0 0.0.0.255
The SRP IKE Policy is as follows:
...and the SRP500 IPSec policy is:
If both IP addresses are directly reachable, NAT-T is not required:
VPN connection status and control is available from the SRP status page:
05-11-2011 09:26 PM
Thanks for that Andrew, will keep that for reference.
Though the reason I wanted SSH access was to test Port Mirroring bases from this post:
https://supportforums.cisco.com/thread/2075293
monitor session 1 source interface FaX/X
monitor session 1 destination interface FaX/X
I can't find seem to find to do this via the WEB GUI.
Thanks.
05-11-2011 09:37 PM
Ah - Those are commands for an IOS router. The SRP500 is a Linux based device and does not have this functionality.
Andy
05-11-2011 09:40 PM
Oh ok, I didnt see port mirroring as feature in the datasheet, though when I saw that post, I thought its possible.
Thanks.
07-26-2011 09:58 PM
Thanks for those details!
So, that means no RSA certificates for authentication on these devices then...?
-- Lee
07-27-2011 12:47 AM
Hi Lee,
That's correct. No certificates for IPSec, just shared secret.
Andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide