need to deploy the folling IOS firewall Zone Based configuration to a running remotely router.
I'M CONNECTED WITH SSH ...
HOW IS IT POSSIBLE WITHOUT DISCONNETING ME ?
(I know the reload command and also the rollback command).
Q1) When I try to insert on the 1st interface the "zone-member security trust" or "zone-member security untrust" I LOST THE ROUTER CAUSE THE OTHER INTERFACES ARE NOT CONFIGURED: HOW I CAN ACTIVATE THE ZONE-MEMBER COMMAND ON THE ROUTER WITHOUT LOST IT ?
Q2) it's possible (like Juniper JUNOS) made alla the new configuration and execute the "commit now" when I've finished ?
Q3) Is there any other feature on cisco IOS to allow to configure the router, check the configuration and only AFTER put it on the running config (the only tip i?ve found is to modify the startup config and load in or merge the running config with another conf...)?
* FOLLOWING THE NEW LINES CONFIGURATION:
class-map type inspect match-any untrust-trust-cmap
match protocol telnet
match protocol ssh
policy-map type inspect untrust-trust-pmap
class type inspect untrust-trust-cmap
class-map type inspect match-any trust-untrust-cmap
The tip you have received is the only way I can think to do it. You don't need to modify the startup config. Enter the commands you want to configure the firewall in a text editor. Save the file and copy it to the flash directory on the router. Then copy the file from flash into running config. Do not save the config via the text file! You will lose connectivity, but if you did everything correctly you should be able to get back in. Of course this is pretty high risk. I would suggest entering reload in 15 which would reload the router in 15 minutes in case the config merge fails.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :