I received a panicky call from a client saying they've "lost" PRIVILEGED access to their VPN3000 from inside LAN and outside WAN HTTPS connections.
connectivity and logon are ok. They can admin the hardware but, I'm told, everything under the ADMINISTRATION tree is being prohibited.
For example, ADMINISTRATION > ACCESS RIGHTS, results in "You do not have sufficient authorization to access the specified page." being displayed.
They had inside-only and were trying for inside and outside both.
I suspect, though am not sure, they added networks n.n.n.n/m.m.m.m to the workstation manager settings screen and something is incorrect and, consequently, they can connect/login BUT CANNOT ACCESS THE ADMIN areas.
Since admin/privileged http/https access appears pooched, I tried ssh and it is similarly not exposing the admin/mgmt commands.
Please ... What is the recovery procedure.
Console access and then from console go into admin/mgmt, or is something more required?
We don't normally do the vpn3000's so this is new territory for us.
All help appreciated (concise steps most helpful owing to our vpn3000-noob status).
The common issue with the inability to connect to the serial interface of the concentrator is either the cable being used is wrong or faulty, or the terminal software is not set correctly. Please make sure you are using the cable provided with the concentrator when you first got the box, otherwise you can use a db9 adaptor with a straight through serial cable, and connect that to your
pc's serial port. Set the terminal software for 9600, 8, n, 1, hardware. If you believe you meet the above setup, try using a different pc, and or terminal software like secure CRT.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...