Cisco - Chathura Ariyadasa (He/Him/His)

How to copy an Image file to another network device

In general, we copy or upload IOS image files to flash or bootflash from a TFTP server. If the TFTP server times out or the network is slow, we can use USB or memory slots to copy image files to a network device instead. Once the image has been copied to flash/bootflash, we can configure the network device itself as a TFTP server and use it to copy image files to other devices.

NOTE: Please make sure all the devices are in the same subnet.

In our example, we have used 2 Routers. Router 01 is preloaded with the Image files and will be configured as the TFTP server. Router 02 will be the TFTP client. 

Step 01: Make sure the image file is already copied to the file location (flash or bootflash)

# show bootflash:

Step 02: Configure the router as a TFTP server and assign the relevant image file

(config)# tftp-server bootflash:/<imagename>

Step 03: Log into Router 02 and copy the Image file from the TFTP server (Router 01)

# copy tftp bootflash:


[source: Cisco KB]
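
TFTP has no authentication, so anything that can reach Router 01 can request the served file. The session below is an added example, not part of the original post or the Cisco KB: it repeats the three steps while limiting the TFTP server to Router 02, checking the copied image's hash, and removing the server afterwards. The hostnames, the 192.0.2.x addresses, ACL number 10 and the `<...>` placeholders are assumptions.

```cisco
! Constructed example: addresses, ACL number and <...> placeholders are assumptions.
! Router 01 (TFTP server, 192.0.2.1): serve the image only to Router 02 (192.0.2.2).
Router01# configure terminal
Router01(config)# access-list 10 permit host 192.0.2.2
Router01(config)# tftp-server bootflash:/<imagename> 10
Router01(config)# end

! Router 02 (TFTP client): pull the image, then compare its MD5 with the
! value published for that release before booting from it.
Router02# copy tftp://192.0.2.1/<imagename> bootflash:
Router02# verify /md5 bootflash:/<imagename> <expected-md5>

! Router 01: stop serving the file once the transfer is finished.
Router01# configure terminal
Router01(config)# no tftp-server bootflash:/<imagename>
Router01(config)# no access-list 10
Router01(config)# end
```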



Firepower IPSEC VPN tunnel issues with Remote ACL

When you work with Cisco Firepower firewall systems, you may come across issues related to ACLs: Firepower systems drop remote traffic even if the correct ACLs are in place. A workaround can be applied to resolve this issue.

The workaround is to enable the sysopt connection permit-vpn parameter, which exempts decrypted VPN traffic from access-list checks. On ASA systems this is enabled by default, but not on Firepower systems. We will look at how to enable this parameter in Firepower Device Manager (FDM).

Go to FDM GUI > Device > Advanced Configuration > View Configuration

Click on FlexConfig Objects and click on the ‘+’ icon to create a new FlexConfig object, then give it a name.

Click on the ‘+’ icon for the ‘Variables’ section. Give the variable a name (the template in the next step references it as vpnSysVar), and select ‘string’ as its type. Enter ‘sysopt’ (without quotes) as the value, and click OK.

In the template section, type {{vpnSysVar}} connection permit-vpn

Go to the FlexConfig policy and add the newly created FlexConfig object.

Finally, save and deploy the changes.