Any VRF guys here?
jthunderbird
Banned Posts: 95 ■■□□□□□□□□
in CCNP
So I have a weird situation going on.
I have an ASR router that is configured using VRF. I am able to ping my Redhat server via "ping vrf Mgmt-intf 192.168.1.20".
What I really need to do is SCP to that server from the router, but I cant even get SSH to work. I have tried the "ssh -vrf Mgmt-intf 192.168.1.20" and I get an error that there is no cipher match. I went and checked the sshd_config file on the redhat server and there are plenty of cipher matches...
Any ideas?
I have an ASR router that is configured using VRF. I am able to ping my Redhat server via "ping vrf Mgmt-intf 192.168.1.20".
What I really need to do is SCP to that server from the router, but I cant even get SSH to work. I have tried the "ssh -vrf Mgmt-intf 192.168.1.20" and I get an error that there is no cipher match. I went and checked the sshd_config file on the redhat server and there are plenty of cipher matches...
Any ideas?
Comments
VRF-Aware Management on ASR Configuration Examples - Cisco
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
Yes I know that is the proper way to set up the SCP part but I am trying to SSH because SCP uses SSH. But if I cannot even get SSH working, then SCP certainly will not work.
So my question is even though my red hat and ASR both have several similar cipher keys, why am I getting that error? Maybe a bug in the IOS? Its a little older for the ASR.
Got some SSH to work. Turns out the image for RH had some mess ups in the sshd_config file. We compared it to another box and changed the commented out options and we can now SSH with a ssh -vrf command.
Figured out why the "ip ssh source-interface" command was seemingly doing nothing... it is not supported in our IOS version. I know upgrading the IOS seems like an obvious answer, but it is currently not an option. Looks like I am screwed trying to secure copy to the VRF'd network unless anyone has any good ideas?