I've inherited a large group of routers and I'm working to modify the enable secret on them. These are all Cisco 831 routers running 12.3(8)YA1 using EzVPN to connect to our WAN. The startup-config is generic in nature and is used in connecting to a CNS server which provides the running-config specific to each router. I'm trying to determine how to modify the startup-config without altering its generic nature (i.e. can't use copy running-config startup-config). The only way I can think of to do this would be to "copy tftp: startup-config" - but I can't seem to get the tftp traffic to route through the ipsec tunnel (instead of using the tubes and being blocked by our firewall). If there's a better way to modify the startup-config I'm all ears. Please keep in mind that I do not control the VPN concentrator and that these routers are very remote from me.
Our router configurations come in two flavors: client mode and NEM, with clients using DHCP for their internal address, while NEM routers are statically assigned a pool of 8 addresses.
Coming from a Linux/iptables world (forgive the heresy) I expected to be able to just add a route through a tunnel interface, but I could not figure out how to do that (if it can be done).
The other idea I had was to bring up a loopback interface as an additional tunneling IF and add a route to that, but EzVPN won't allow more than one tunnel (and abandoning EzVPN is not an option).
Forgive my IOS noobishness, but is there a way to specify a source IP/IF for tftp requests? Would this permit the use of the ipsec tunnel as the route for such requests?
Am I trying to do this the hard way? I'm sure I'm coming at this from the wrong direction but I just don't know where else to look. If there's a FAQ on this somewhere I'd be happy to read it.