Cisco Support Community

New Member

SCA Remote Mgmt Question

I recently took over the administration of a sca11000. The problem is, the guy that used to manage it left the company and I am unable to connect to it remotely. I am trying to connect to it either by the WEBUI or telnet... doesn't matter to me. At this time I am unable to connect by either. Below is the config that is in it. I am physically at a different location, which goes something like this: my machine => router => private T1 => router => firewall => switch => sca. Let me know if anyone needs any additional information. FYI, I can get to everything on the segment of the sca (10.1.8.0). Also, my machine resides on the 222.192.101.0 segment.

*************************************************************************************

# Cisco SCA Device Configuration File

#

# Written: Sun Jan 4 23:08:19 1970 EST

# Inxcfg: version 3.2 build 200203151705

# Device Type: CSS-SCA

# Device Id: S/N 11a674

# Device OS: MaxOS version 3.2.0 build 200203151705 by reading

### Mode ###

no mode one-port

mode pass-thru

### Interfaces ###

interface network

duplex full

speed 100

end

interface server

duplex full

speed 100

end

### Device ###

ip address 10.1.8.253 netmask 255.255.255.0

hostname xxxxxxx

timezone "EST5DST"

### Password ###

password access

password enable

### SNTP ###

sntp interval 86400

### Static Routes ###

ip route 0.0.0.0 0.0.0.0 10.1.8.1 metric 1

ip route 10.1.16.0 255.255.255.0 10.1.8.1 metric 1

ip route 222.192.101.0 255.255.255.0 10.1.8.1 metric 1

### RIP ###

no rip

### DNS ###

no ip name-server

no ip domain-name

### IP Access Lists ###

access-list 1 permit 222.192.101.0 255.255.255.0 tcp 1-65535

access-list 1 permit 10.1.20.40 0.0.0.0 tcp 1-65535

access-list 1 permit 10.1.20.75 0.0.0.0 tcp 1-65535

access-list 1 permit 10.1.16.0 255.255.255.0 tcp 1-65535

### Remote Management ###

remote-management access-list 1

remote-management encryption DES

remote-management enable

### Telnet ###

telnet enable

telnet access-list 1

### Web Management ###

web-mgmt port 80

web-mgmt enable

web-mgmt access-list 1

### SNMP Subsystem ###

no snmp

### SSL Subsystem ###

server create

ip address 10.1.8.200

localport 443

remoteport 80

key

cert

secpolicy default

session-cache size 20000

session-cache timeout 300

session-cache enable

no clientauth enable

clientauth verifydepth 1

clientauth error cert-other-error fail

clientauth error cert-not-provided fail

clientauth error cert-has-expired fail

clientauth error cert-not-yet-valid fail

clientauth error cert-has-invalid-ca fail

clientauth error cert-has-signature-failure fail

clientauth error cert-revoked fail

certgroup clientauth defaultCA

no httpheader client-cert

no httpheader server-cert

no httpheader session

no httpheader pre-filter

httpheader prefix "SSL"

ephrsa

end

2 REPLIES
Cisco Employee

Re: SCA Remote Mgmt Question

Based on your description of how you are attempting to connect to the SCA and your config (no mode one-port, mode pass-thru) it looks like you are trying to access the SCA from the Network port of the SCA. This is only possible if you are configured for one-port mode, otherwise you need to connect from the Server port side. In your diagram you did not mention which side you are coming from so I am making an assumption ;-)

Here is an excerpt from the release notes:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/rnsca310.htm#xtocid19

"Once Web management is enabled, it is always accessible via the "Server" port (two-port mode) or the "Network" port (one-port mode) even if SSL client-side access has been configured. Use an access list to prevent unwanted access"
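The following is an added example, not part of the thread or of any Cisco tooling: a small Python check that reads the relevant lines of the posted config and reports, for one client address, which SCA port management listens on, whether the telnet and web-mgmt access lists permit the client, and whether a static route covers the return path. The function names, the sample client address and the reading of a 0.0.0.0 access-list mask as a single host are assumptions.

```python
import ipaddress

# Constructed excerpt: only the lines of the posted config that this check reads.
CONFIG = """\
no mode one-port
mode pass-thru
ip route 0.0.0.0 0.0.0.0 10.1.8.1 metric 1
ip route 222.192.101.0 255.255.255.0 10.1.8.1 metric 1
access-list 1 permit 222.192.101.0 255.255.255.0 tcp 1-65535
access-list 1 permit 10.1.20.40 0.0.0.0 tcp 1-65535
telnet enable
telnet access-list 1
web-mgmt enable
web-mgmt access-list 1
"""

def acl_entry_matches(addr, mask, client):
    # Assumption: a 0.0.0.0 mask in an access-list entry means "this one host";
    # any other mask is read as an ordinary netmask.
    if mask == "0.0.0.0":
        return client == ipaddress.ip_address(addr)
    return client in ipaddress.ip_network(f"{addr}/{mask}")

def triage(config, client_ip, arrives_on):
    """arrives_on is the SCA port the client's traffic reaches: 'network' or 'server'."""
    client = ipaddress.ip_address(client_ip)
    lines = [l.split() for l in config.splitlines()
             if l.strip() and not l.startswith("#")]
    # "no mode one-port" splits to three tokens, so it never matches here.
    mgmt_port = "network" if ["mode", "one-port"] in lines else "server"
    result = {"mgmt_port": mgmt_port, "port_ok": arrives_on == mgmt_port}
    for svc in ("telnet", "web-mgmt"):
        enabled = [svc, "enable"] in lines
        bound = {l[2] for l in lines if l[:2] == [svc, "access-list"]}
        # Assumption: a service with no access list bound is unrestricted.
        permitted = not bound or any(
            l[0] == "access-list" and l[1] in bound and l[2] == "permit"
            and acl_entry_matches(l[3], l[4], client) for l in lines)
        result[svc] = enabled and permitted
    # A return path exists if any static route covers the client's address.
    result["return_route"] = any(
        l[:2] == ["ip", "route"]
        and client in ipaddress.ip_network(f"{l[2]}/{l[3]}") for l in lines)
    return result

if __name__ == "__main__":
    # Constructed client address on the poster's 222.192.101.0 segment.
    print(triage(CONFIG, "222.192.101.25", "network"))
```

For a client on the 222.192.101.0 segment arriving on the Network port, the access-list and route checks pass and only `port_ok` is false, which matches the diagnosis in the reply above.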

New Member

Re: SCA Remote Mgmt Question

Yes, your assumption was correct. I am trying to access the sca from the network port. The network port goes into a switch, and the server port connects directly (thru a crossover) to the server.

So, I have several questions:

1-What is one-port mode?

2-Can I make this sca one-port mode? Keeping the same setup and functionality.

Thanks for all your help! I will try to read up on this myself, but if you get back to me before I do....thanks a lot!
