
SCA Remote Mgmt Question

b-pelphrey
Level 1

I recently took over the administration of a sca11000. The problem is, the guy that used to manage it left the company and I am unable to connect to it remotely. I am trying to connect to it either by the WEBUI or telnet....doesn't matter to me. At this time I am unable to connect by either. Below is the config that is in it. I am physically at a different location which goes something like this: my machine => router => private T1 => router => firewall => switch => sca. Let me know if anyone needs any additional information. FYI, I can get to everything on the segment of the sca (10.1.8.0). Also, my machine resides on the 222.192.101.0 segment.

*************************************************************************************

# Cisco SCA Device Configuration File

#

# Written: Sun Jan 4 23:08:19 1970 EST

# Inxcfg: version 3.2 build 200203151705

# Device Type: CSS-SCA

# Device Id: S/N 11a674

# Device OS: MaxOS version 3.2.0 build 200203151705 by reading

### Mode ###

no mode one-port

mode pass-thru

### Interfaces ###

interface network

duplex full

speed 100

end

interface server

duplex full

speed 100

end

### Device ###

ip address 10.1.8.253 netmask 255.255.255.0

hostname xxxxxxx

timezone "EST5DST"

### Password ###

password access

password enable

### SNTP ###

sntp interval 86400

### Static Routes ###

ip route 0.0.0.0 0.0.0.0 10.1.8.1 metric 1

ip route 10.1.16.0 255.255.255.0 10.1.8.1 metric 1

ip route 222.192.101.0 255.255.255.0 10.1.8.1 metric 1

### RIP ###

no rip

### DNS ###

no ip name-server

no ip domain-name

### IP Access Lists ###

access-list 1 permit 222.192.101.0 255.255.255.0 tcp 1-65535

access-list 1 permit 10.1.20.40 0.0.0.0 tcp 1-65535

access-list 1 permit 10.1.20.75 0.0.0.0 tcp 1-65535

access-list 1 permit 10.1.16.0 255.255.255.0 tcp 1-65535

### Remote Management ###

remote-management access-list 1

remote-management encryption DES

remote-management enable

### Telnet ###

telnet enable

telnet access-list 1

### Web Management ###

web-mgmt port 80

web-mgmt enable

web-mgmt access-list 1

### SNMP Subsystem ###

no snmp

### SSL Subsystem ###

server create

ip address 10.1.8.200

localport 443

remoteport 80

key

cert

secpolicy default

session-cache size 20000

session-cache timeout 300

session-cache enable

no clientauth enable

clientauth verifydepth 1

clientauth error cert-other-error fail

clientauth error cert-not-provided fail

clientauth error cert-has-expired fail

clientauth error cert-not-yet-valid fail

clientauth error cert-has-invalid-ca fail

clientauth error cert-has-signature-failure fail

clientauth error cert-revoked fail

certgroup clientauth defaultCA

no httpheader client-cert

no httpheader server-cert

no httpheader session

no httpheader pre-filter

httpheader prefix "SSL"

ephrsa

end


cschneid
Cisco Employee

Based on your description of how you are attempting to connect to the SCA and your config (no mode one-port, mode pass-thru) it looks like you are trying to access the SCA from the Network port of the SCA. This is only possible if you are configured for one-port mode, otherwise you need to connect from the Server port side. In your diagram you did not mention which side you are coming from so I am making an assumption ;-)

Here is an excerpt from the release notes:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/rnsca310.htm#xtocid19

"Once Web management is enabled, it is always accessible via the "Server" port (two-port mode) or the "Network" port (one-port mode) even if SSL client-side access has been configured. Use an access list to prevent unwanted access"
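The reply above ties management reachability to the port mode and recommends an access list on each management service. The following check is an added example, not part of the original thread or of any Cisco tool: it reads a config in the syntax posted above and reports which port management answers on, plus any enabled service without a defined access list. The function name `audit_management` and the sample text are assumptions made for illustration, and only the keywords visible in the posted config are handled.

```python
# Constructed sample: management-related lines from the config posted above.
SAMPLE_CONFIG = """\
no mode one-port
mode pass-thru
access-list 1 permit 222.192.101.0 255.255.255.0 tcp 1-65535
remote-management access-list 1
remote-management encryption DES
remote-management enable
telnet enable
telnet access-list 1
web-mgmt port 80
web-mgmt enable
web-mgmt access-list 1
no snmp
"""

SERVICES = ("remote-management", "telnet", "web-mgmt")

def audit_management(config_text):
    """Return (port management is reachable from, list of ACL findings)."""
    one_port, defined_acls = False, set()
    state = {s: {"enabled": False, "acl": None} for s in SERVICES}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and "### ... ###" headers
            continue
        negated = line.startswith("no ")       # assumption: a "no" prefix negates the command
        words = line[3:].split() if negated else line.split()
        if words[:2] == ["mode", "one-port"]:
            one_port = not negated
        elif words[0] == "access-list" and len(words) > 1:
            defined_acls.add(words[1])
        elif words[0] in state and len(words) > 1:
            if words[1] == "enable":
                state[words[0]]["enabled"] = not negated
            elif words[1] == "access-list":
                state[words[0]]["acl"] = None if negated or len(words) < 3 else words[2]
    # Per the reply: one-port mode -> Network port, otherwise (two-port) -> Server port.
    port = "Network" if one_port else "Server"
    findings = []
    for name, svc in state.items():
        if svc["enabled"] and svc["acl"] is None:
            findings.append(f"{name}: enabled with no access-list")
        elif svc["enabled"] and svc["acl"] not in defined_acls:
            findings.append(f"{name}: access-list {svc['acl']} is not defined")
    return port, findings
```

For the posted config this reports the Server port and no access-list findings, which matches the diagnosis in the reply: the access list already covers the 222.192.101.0 segment, so the port mode is what blocks the connection.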

Yes, your assumption was correct. I am trying to access the sca from the network port. The network port goes into a switch, and the server port connects directly (thru a crossover) to the server.

So, I have several questions:

1-What is one-port mode?

2-Can I make this sca one-port mode? Keeping the same setup and functionality.

Thanks for all your help! I will try to read up on this myself, but if you get back to me before I do....thanks a lot!