Any VRF guys here?

jthunderbird Banned Posts: 95
So I have a weird situation going on.

I have an ASR router that is configured using VRF. I am able to ping my Red Hat server via "ping vrf Mgmt-intf 192.168.1.20".

What I really need to do is SCP to that server from the router, but I can't even get SSH to work. I have tried the "ssh -vrf Mgmt-intf 192.168.1.20" and I get an error that there is no cipher match. I went and checked the sshd_config file on the Red Hat server and there are plenty of cipher matches...

Any ideas?

Comments

  • shodown Member Posts: 2,271
    These can get tricky. Usually in my voice designs I will tell the customer to buy another router if VRFs are used. VRFs don't support a lot of things going over them, MGCP being one of them. Here you go

    VRF-Aware Management on ASR Configuration Examples - Cisco
  • jthunderbird Banned Posts: 95
    Sorry, I guess I should have been more specific.

    Yes, I know that is the proper way to set up the SCP part, but I am trying to SSH because SCP uses SSH. But if I cannot even get SSH working, then SCP certainly will not work.

    So my question is: even though my Red Hat and ASR both have several similar cipher keys, why am I getting that error? Maybe a bug in the IOS? It's a little older for the ASR.
  • jthunderbird Banned Posts: 95
    Ok so after working on this all freaking day, maybe someone will have an input with some updated information.

    Got some SSH to work. Turns out the image for RH had some mess ups in the sshd_config file. We compared it to another box and changed the commented out options and we can now SSH with a ssh -vrf command.

    Figured out why the "ip ssh source-interface" command was seemingly doing nothing... it is not supported in our IOS version. I know upgrading the IOS seems like an obvious answer, but it is currently not an option. Looks like I am screwed trying to secure copy to the VRF'd network unless anyone has any good ideas?
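
An added example, not part of the thread or any poster's code: a small checker that compares the ciphers a client offers with the ones an sshd_config actually enables, flagging entries that appear only on commented-out lines. It assumes the "no cipher match" error came from the `Ciphers` directive, which the thread does not confirm; the config excerpt and client list are constructed.

```python
# Added example. The config excerpt and client cipher list are constructed.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
Port 22
#Ciphers aes128-cbc,3des-cbc,aes256-cbc
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Ciphers aes128-cbc
"""
# Constructed stand-in for the list an older SSH client offers.
CLIENT_OFFER = ["aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"]


def parse_ciphers(config_text):
    """Return (active, commented): the list sshd will use (None if unset)
    and the lists found only on commented-out Ciphers lines."""
    active, commented = None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        is_comment = line.startswith("#")
        parts = line.lstrip("#").strip().replace("=", " ", 1).split(None, 1)
        if not is_comment and parts and parts[0].lower() == "match":
            break  # Ciphers is a global keyword; nothing to read past Match
        if len(parts) != 2 or parts[0].lower() != "ciphers":
            continue
        names = [c.strip() for c in parts[1].split(",") if c.strip()]
        if is_comment:
            commented.append(names)
        elif names and names[0][0] in "+-^":
            raise ValueError("list modifies the built-in default; check `sshd -T`")
        elif active is None:  # sshd keeps the first value seen for a keyword
            active = names
    return active, commented


def diagnose(config_text, client_offer):
    """Compare a client's offer with what the server config really enables."""
    active, commented = parse_ciphers(config_text)
    # Ciphers a reader sees in the file but that sit on commented lines only.
    hidden = sorted({c for names in commented for c in names
                     if c in client_offer and c not in (active or [])})
    if active is None:
        return {"status": "defaults", "common": [], "only_in_comments": hidden}
    # Negotiation picks the first client cipher the server also lists.
    common = [c for c in client_offer if c in active]
    return {"status": "ok" if common else "no-match",
            "common": common, "only_in_comments": hidden}
```

On a live server, `sshd -T` prints the effective cipher list, including the built-in default that applies when no `Ciphers` line is active.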