Any VRF guys here?

jthunderbird

So I have a weird situation going on.

I have an ASR router that is configured using VRF. I am able to ping my Redhat server via "ping vrf Mgmt-intf 192.168.1.20".

What I really need to do is SCP to that server from the router, but I cant even get SSH to work. I have tried the "ssh -vrf Mgmt-intf 192.168.1.20" and I get an error that there is no cipher match. I went and checked the sshd_config file on the redhat server and there are plenty of cipher matches...

Any ideas?

shodown

These can get tricky. Usually in my voice designs I will tell the customer to buy another router if VRF's are used. VRF's don't support a lot of things going over them. MGCP being one of them. Here you go

VRF-Aware Management on ASR Configuration Examples - Cisco

jthunderbird

Sorry, I guess I should of been more specific.

Yes I know that is the proper way to set up the SCP part but I am trying to SSH because SCP uses SSH. But if I cannot even get SSH working, then SCP certainly will not work.

So my question is even though my red hat and ASR both have several similar cipher keys, why am I getting that error? Maybe a bug in the IOS? Its a little older for the ASR.

jthunderbird

Ok so after working on this all freaking day, maybe someone will have an input with some updated information.

Got some SSH to work. Turns out the image for RH had some mess ups in the sshd_config file. We compared it to another box and changed the commented out options and we can now SSH with a ssh -vrf command.

Figured out why the "ip ssh source-interface" command was seemingly doing nothing... it is not supported in our IOS version. I know upgrading the IOS seems like an obvious answer, but it is currently not an option. Looks like I am screwed trying to secure copy to the VRF'd network unless anyone has any good ideas?