I've deployed the Transit VPC cloudformation template successfully, and I've built tunnels from each CSR back to my datacenter successfully. When I tag a VGW with 'transitvpc:spoke' value:'true', I see two AWS VPN connections get created against...
I am replacing a 3015 concentrator with a 2801 sec-bundle router. The public interface of the concentrator sits in the 'public dmz' of our ASA. The private interface of the concentrator sits in an internal dmz on of the ASA. I currently have...
snippit from lambda run logs for CSR1:
[INFO] 2016-12-05T23:49:22.192Z <ID> Pushing config to router.
23:49:22
'NoneType' object is not iterable: TypeError Traceback (most recent call last): File "/var/task/transit-vpc-push-cisco-config.py"...
I prefer to keep the VPN tunnels separated from the ASA. It mimicswhat we had before with the 3015 concentrator, and makes it less likely that a misconfigured crypto map could affect traffic on the ASA.
Here is how I rolled 7.02 into production:1) connect to the backup unit and copy the image up. 2) connect to the primary unit and copy the image up3) reload the primary4) after the primary is back up and 'sh fail' shows it as 'Primary - Standby Ready...