Netgear SRX5308 Can't Connect To Admin Page

My new Netgear SRX5308 Firewall/Router arrived yesterday (Thank you eBay). I was very excited because I had a power-hit (Lighting strike) take out my FVS336G at the beginning of this week.
 
Off the network (such-as-it-is) I connected my laptop to the LAN1 port, powered on the 5308 and proceeded to connect to the Admin Web Interface (as we've ALL done hundreds of times) via https://192.168.1.1.
 
Imagine my surprise when, instead of the login page, I get:

"Secure Connection Failed
       
          An error occurred during a connection to 192.168.1.1.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)  
         
 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site."


I reset to factory default but I might not have held the button in long enough (only 10 seconds or so until "Test" light came on).

I am able to reproduce these results and using both IE (9.0...I think?) and Firefox 23+ on my Win7 PC.
LVL 3
LateNiteRAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

activematxCommented:
Have you tried accessing it from http://192.168.1.1

And can you ping the device?  Is the device giving you a DHCP address?  Or are you setting it to static

And I think the model you are reffering to is Netgear 5308
0
LateNiteRAuthor Commented:
Model 5308, you are correct (I have requested a correction, thank you).

Yes, I have tried both 'http' and 'https'.

I have also verified the SSL and TLS settings in Firefox via "About:Config" and all seems in order.
0
activematxCommented:
Can you ping 192.168.1.1
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

LateNiteRAuthor Commented:
....Yes, the device responds to ping (192. 168....) and I do get a valid IP assigned.
0
activematxCommented:
Can you verify in firefox:

Enable support for 40-bit RSA encryption in the Firefox Browser:
1: enter 'about:config' in Browser Address bar
2: find/select "security.ssl3.rsa_rc4_40_md5"
3: set boolean to TRUE
0
activematxCommented:
Also, try resetting the 5308 again.  Wait until the test light flashes, then release.
0
LateNiteRAuthor Commented:
Everything in Firefox is set to "True" except:

security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref
security.ssl.enable_false_start
security.ssl.require_safe_negotiation
and
security.ssl.treat_unsafe_negotiation_as_broken
[used '/security.*ssl|security.*tls/' search]
0
LateNiteRAuthor Commented:
I DID wait for the 'Test' light to flash but some documentation states to hold the reset btn for as long as 1 minute.
0
LateNiteRAuthor Commented:
It will be 04:00 before I can work with it again. I am also going to try one of the Windows 8 machines in the morning as well to see if the results are any different.

Oh, and I've been trying with IE 10 and Firefox 23.0.1
0
activematxCommented:
I would try from another computer if possible.  If the next compute also fails, then I suspect the unit needs the firmware re-flashed.

Download the firmware and flash it with tftp2.exe

http://kb.netgear.com/app/answers/detail/a_id/19841/~/reinstall-the-firmware-on-a-router-without-the-setup-cd-recovery-tool
0
LateNiteRAuthor Commented:
Now THAT'S what I'm talkin' about !

I will try that in the morning and let you know how that goes.
0
activematxCommented:
I've fixed many routers (not only netgears) using the tftp2.exe program.  Let me know if you have questions.  It really is amazing.
0
LateNiteRAuthor Commented:
Alas,...tftp2.exe doesn't seem to catch no matter WHEN I send the start command.

I have been able to connect to the SRX5308's CLI but only the global commands seem to work. I can't get 'net', 'util' or other modes to work. The response I get every time is:

invalid command - util

I was really excited when I was able to get this far. I figured CLI wouldn't let me down (cmd rarely has).

In order to get into 'util' Mode do I need to DO anything? I was hoping to flash the firmware via:

util firmware_upgrade D:\srx5308_v4.3.0-19.img 192.168.1.1

No luck or course. "Invalid command - util"
0
activematxCommented:
Are you assigning a static IP address like this when trying the tftp.exe program:

static ip
Also, have you tried using the password "admin" and the password "password"

when trying to flash.

Try this from the command line:  
#copy tftp://192.168.1.2/srx5308_v4.3.0-19.img system:image

Open in new window


or

tftp -i 192.168.1.1 PUT srx5308_v4.3.0-19.img

Open in new window

0
LateNiteRAuthor Commented:
Hmmmm. OK, no, I don't think I set my IP to static (I did have an IP assigned and/or a still valid IP) so I will do that in the morning.

A couple Questions:

1) when doing the #copy tftp://192.186.... shouldn't it be .1 instead of .2 (nit-picky, I know). I ask because I've only used normal FTP from a cmd line before and I want to get the syntax correct.
2) Running these cmds, I will want to issue the commands cd'ed to the directory where the .img file is located OR put the full, no-spaces, path to the .img, correct?

When I first tried using the TFTP.EXE I did type in the 'admin' and 'password'. because the pswd is masked (as usual) I DID think I might have fat-fingered it or that the Router was so screwed-up the pswd had been changed (an unsuccessful factory reset).

However, since I was able to access the CLI for the router I am confident that as least the username and pswd are still valid.

To re-Cap:

1) Static IP before I begin
2)Try Tftp2.exe again
3) Try "#copy tftp://192.168.1.2/srx5308_v4.3.0-19.img system:image" from cmd line
4) Try "tftp -i 192.168.1.1 PUT srx5308_v4.3.0-19.img" from cmd line

I will let you know how it goes in the morning.
0
LateNiteRAuthor Commented:
OK here it is:

1) was already static IP (Local PC)

2) Tftp2.exe still "can't get responses from the server"
       NOTE: I get the same result with, or without, a pswd. FYI

3) From a cmd line (Win CMD.exe) I get #copy not a valid command. From with Telnet CLI it SEEMS to accept the input (letting me believe that I need to add a '#' before each command which I didn't know) but then does nothing) but just goes to another SRX5308$ __ prompt.

I tried '#util restore_factory_defaults' but that did the same thing. Just goes to another SRX5308$ __ prompt

4) Once I installed Tftp on my PC and I got a timeout error.

....I think I need to either call Netgear or take it back to where I bought it.
0
LateNiteRAuthor Commented:
The CLI manual say "to upgrade from a TFTP Server do:

util firmware_upgrade srx5308_v4.3.0-19.img 192.168.1.1

...so I installed the tpft client (mentioned earlier) but how do I install a TFTP Server? I've been using Hyperterminal on my PC to use the Netgear CLI (which is almost working) but the 'util' command isn't recognized.
0
activematxCommented:
The tftp server is already installed on the netgear device.  At this point, I am sorry, but I suspect something is wrong with your device.  I would initiate the return process with ebay.  Perhaps you can "request attention" to get more experts to chime in on a possible solution if one exists.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LateNiteRAuthor Commented:
Well, YOU have certainly been helpful just via the Tftp2.exe suggestion alone. For that, I thank you.

Is there some way to award points for trying without marking the Question as "Answered"?

Given your spot-on guidance I certainly consider the points well-earned.

I am going to send it back. I haven't done a lot of research into other firewall appliances but I guess it was time I did. Besides, I'm probably saving BOAT-LOAD of dough keeping the servers off (LOL).
0
activematxCommented:
Well, sometimes hardware is just broken.  We tried all the necessary troubleshooting topics.  Perhaps my last comment as writing it off as broken is the solution.  I have never had the tftp.exe program fail for me

By the way, that program works for other routers asides from netgears.  I've used it on Linksys and Asus routers in the past.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.