02-26-2003 08:32 AM
i recently took over the administration of a sca11000. the problem is, the guy that used to manage it left the company and i am unable to connect to it remotely. i am trying to connect to it either by the WEBUI or telnet....doesn't matter to me. at this time i am unable to connect by either. below is the config that is in it. i am physcially at a different location which goes something like this: my machine => router => private T1 => router => firewall => switch => sca. let me know if anyone needs any additional information. fyi, i can get to everything on the segment of the sca (10.1.8.0). also, my machine resides on the 222.192.101.0 segment.
*************************************************************************************
# Cisco SCA Device Configuration File
#
# Written: Sun Jan 4 23:08:19 1970 EST
# Inxcfg: version 3.2 build 200203151705
# Device Type: CSS-SCA
# Device Id: S/N 11a674
# Device OS: MaxOS version 3.2.0 build 200203151705 by reading
### Mode ###
no mode one-port
mode pass-thru
### Interfaces ###
interface network
duplex full
speed 100
end
interface server
duplex full
speed 100
end
### Device ###
ip address 10.1.8.253 netmask 255.255.255.0
hostname xxxxxxx
timezone "EST5DST"
### Password ###
password access
password enable
### SNTP ###
sntp interval 86400
### Static Routes ###
ip route 0.0.0.0 0.0.0.0 10.1.8.1 metric 1
ip route 10.1.16.0 255.255.255.0 10.1.8.1 metric 1
ip route 222.192.101.0 255.255.255.0 10.1.8.1 metric 1
### RIP ###
no rip
### DNS ###
no ip name-server
no ip domain-name
### IP Access Lists ###
access-list 1 permit 222.192.101.0 255.255.255.0 tcp 1-65535
access-list 1 permit 10.1.20.40 0.0.0.0 tcp 1-65535
access-list 1 permit 10.1.20.75 0.0.0.0 tcp 1-65535
access-list 1 permit 10.1.16.0 255.255.255.0 tcp 1-65535
### Remote Management ###
remote-management access-list 1
remote-management encryption DES
remote-management enable
### Telnet ###
telnet enable
telnet access-list 1
### Web Management ###
web-mgmt port 80
web-mgmt enable
web-mgmt access-list 1
### SNMP Subsystem ###
no snmp
### SSL Subsystem ###
server create
ip address 10.1.8.200
localport 443
remoteport 80
key
cert
secpolicy default
session-cache size 20000
session-cache timeout 300
session-cache enable
no clientauth enable
clientauth verifydepth 1
clientauth error cert-other-error fail
clientauth error cert-not-provided fail
clientauth error cert-has-expired fail
clientauth error cert-not-yet-valid fail
clientauth error cert-has-invalid-ca fail
clientauth error cert-has-signature-failure fail
clientauth error cert-revoked fail
certgroup clientauth defaultCA
no httpheader client-cert
no httpheader server-cert
no httpheader session
no httpheader pre-filter
httpheader prefix "SSL"
ephrsa
end
02-26-2003 11:23 PM
Based on your description of how you are attempting to connect to the SCA and your config (no mode one-port, mode pass-thru) it looks like you are trying
to access the SCA from the Network port of the SCA. This is only possible if you are configured for one-port mode, otherwise you need to connect from the
Server port side. In your diagram you did not mention which side you are coming from so I am making an assumption ;-)
Here is an excerpt from the release notes:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/rnsca310.htm#xtocid19
"Once Web management is enabled, it is always accessible via the "Server" port (two-port mode) or the "Network" port (one-port mode) even if SSL client-side access has been configured. Use an access list to prevent unwanted access"
02-27-2003 06:06 AM
Yes, you assumption was correct. I am trying to access the sca from the network port. The network port goes into a switch, and the server port connects directly (thru a crossover) to the server.
So, I have several questions:
1-What is one-port mode?
2-Can I make this sca one-port mode? Keeping the same setup and functionality.
Thanks for all your help! I will try to read up on this myself, but if you get back to me before I do....thanks a lot!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide