I absolutely love using tailscale. It uses a great new protocol, wireguard, but makes it easy to configure and use. I’ve used it as a VPN service for over a year now, but have always wanted to connected to devices that are not tailscale capable.
On new ISR routers with XE-SDWAN version 16.10.3+, you can only log in with the default password once. Over console, there is a message printed that warns you to change the password, but it can easily get lost in all the other console output.
Here is a little script I wrote to automate putting certificates onto ASAs. It also activates the cert on the inside interface (mine is a one-armed VPN concentrator). The cert is assumed to already in the correct format and named asabase64.cert.