[rancid] ASA Config for Rancid
Dan Anderson
dan.w.anderson at gmail.com
Mon Sep 11 21:01:26 UTC 2017
You can set the method for the ASAs to be {ssh,telnet} in your .cloginrc
file. I'm on my phone and don't have the exact syntax handy but it's pretty
straightforward.
On Mon, Sep 11, 2017 at 4:56 PM Ryan West <rwest at zyedge.com> wrote:
> On Mon, Sep 11, 2017 at 16:51:34, Piegorsch, Weylin William wrote:
> > Subject: [rancid] ASA Config for Rancid
> >
> > Cisco question, that I’m having a devil of a time getting a Cisco answer
> to.
> >
> > I have several ASAs – some locally connected, some connected at the far
> end
> > of an IPSec tunnel. In nearly all cases, I can’t get rancid to archive
> their
> > config. For reasons that don’t relate to the ASA (has to do with the
> larger
> > network as a whole), I need telnet to be the first method, with SSH
> backup.
> > But, the ASAs drop the telnet request, they don’t send a TCP RST
> packet. As
> > a consequence, rancid times out and considers it an unreachable device.
> >
> > I’m trying to find a mechanism that doesn’t require specifying custom
> rancid
> > configs for ASAs that are different than anything else.
> >
>
> Try to allow telnet access from the remote network as sourced from inside
> and then use 'management-access inside' and you should be able to telnet to
> the inside address from across a VPN tunnel.
>
> -ryan
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
--
Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20170911/9a5eebc9/attachment.html>
More information about the Rancid-discuss
mailing list