How to generate RSA key in CISCO Router 2811

Discussion in 'Cisco' started by Darko's, Jul 20, 2007.

  1. Darko's

    Darko's Guest

    Hi,

    I have Router Cisco 2811 Bundle w/AIM-VPN/SSL-2,Adv. IP Serv,10 SSL
    LIC, 64F/256D.

    I want to generate an RSA key to create a secure VPN connection to another
    CISCO router. How do I do it? The key needs to have 1024 bits.
    Or can I add another RSA key if I have generated it some other way?

    In the router, in VPN options, there is an RSA key feature. I have added a
    key, but after restarting the router, it disappears?

    Thanks

    Darko's
     
    Darko's, Jul 20, 2007
    #1

  2. Hi Darko's,

    To simply generate a 1024 bit RSA key on the command line use:

    cert-server (config)#crypto key generate rsa general-keys modulus 1024
    The name for the keys will be: cert-server.ignet.co.uk
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys ...[OK]
    cert-server (config)#^Z
    cert-server #copy run start

    If you need a hand with the other elements of setting up the VPN, give
    me a shout.


    Joe
    ==========================
    Igneous Networks Technical Director
    www.ignet.co.uk
     
    igneousnetworks, Jul 21, 2007
    #2

  3. Darko's

    Bandar Guest

    Hi
    Below are some helpful documents.
    Cisco Configuration Examples and TechNotes:

    http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html
    ===============================================================
    Cisco Group Encrypted Transport VPN :

    http://www.ccdp.biz/en/US/products/ps6441/products_feature_guide09186a008078e4f9.html
     
    Bandar, Jul 22, 2007
    #3
  4. Darko's

    Darko's Guest

    Thank you!!!

    Can you please tell me one more thing? I have generated the RSA key
    using the RSA option in VPN. Next I saved the RSA key on my PC. But after
    restarting the router, the key is gone. I think this is due to the fact that I
    haven't pressed the SAVE button. ........... How can the RSA key be
    uploaded from my PC? The RSA key on my PC is in .txt file format. Can it
    be done?
     
    Darko's, Jul 23, 2007
    #4
  5. Darko's

    Darko's Guest

    Can you please tell me one more thing? I have generated the RSA key
    using the RSA option in VPN. Next I saved the RSA key on my PC. But after
    restarting the router, the key is gone. I think this is due to the fact that I
    haven't pressed the SAVE button. ........... How can the RSA key be
    uploaded from my PC? The RSA key on my PC is in .txt file format. Can it
    be done?
     
    Darko's, Jul 24, 2007
    #5
  6. Hi Darko's,

    I don't know of a method of directly pasting RSA keys into a Cisco
    configuration from a text file. Probably the quickest way to solve the
    issue is to generate the keys again. In the future, if you want to
    store the keys on your PC separately then you need to generate them as
    'exportable' and use PEM-formatted files. See:

    http://www.cisco.com/en/US/products...ts_feature_guide09186a00801d1cb4.html#1047009

    If you absolutely must use the key that you have previously generated,
    the only way I can think to proceed is to copy the configuration from
    the router into a text file. Then add in your key at the relevant
    point and use TFTP to copy the config back to the router. Messy, but
    it will get your key in the right place.

    Hope this helps.

    Joe
    ==========================
    Igneous Networks Technical Director
    www.ignet.co.uk
     
    igneousnetworks, Jul 26, 2007
    #6
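
The exportable-key workflow mentioned in the reply above, written out as an added example that is not part of the original post. The key label VPNKEY, the `Router` prompt and the `<passphrase>` placeholder are assumptions; the 1024-bit modulus is the size asked for in the thread.

```cisco
! Generate a named key pair and mark it exportable at creation time.
! (VPNKEY is an assumed label; a key generated without "exportable"
!  cannot be exported later.)
Router# configure terminal
Router(config)# crypto key generate rsa general-keys label VPNKEY exportable modulus 1024
!
! Export the key pair as PEM text to the terminal. The private key is
! encrypted with 3DES under the passphrase; copy the PEM output into a
! file on the PC.
Router(config)# crypto key export rsa VPNKEY pem terminal 3des <passphrase>
!
! To restore the key pair later, import it under the same label and
! paste the saved PEM text when prompted, using the same passphrase.
Router(config)# crypto key import rsa VPNKEY pem terminal <passphrase>
Router(config)# end
!
! Confirm the key pair is present.
Router# show crypto key mypubkey rsa
!
! Save the configuration so the key pair survives a reload.
Router# copy running-config startup-config
```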
  7. Darko's

    wanyalanabi Guest

    Hi Joe,

    I was reading through your response. Thanks.
    I am looking at a similar scenario where I have found the procedure to
    set up my Cisco VPN client to communicate with a VPN IOS router.

    However, I am not able to key in the command "crypto isakmp policy 3"

    Here are the displayed config options:

    dmz-i(config)#crypto
    ca Certification authority
    engine Enter a crypto engine configurable menu
    key Long term key operations
    pki Public Key components
    wui Crypto HTTP configuration interfaces

    dmz-i(config)#crypto

    dmz-i#show flash
    -#- --length-- -----date/time------ path
    1 27092556 Dec 24 2004 11:48:30 +00:00 c3845-spservicesk9-mz.123-11.T2.bin
    2 1541 Dec 24 2004 11:55:30 +00:00 sdmconfig-38xx.cfg
    3 3885056 Dec 24 2004 11:55:52 +00:00 sdm.tar
    4 1463 Dec 24 2004 11:56:04 +00:00 home.html
    5 270848 Dec 24 2004 11:56:18 +00:00 home.tar
    6 93095 Dec 24 2004 11:56:32 +00:00 attack-drop.sdf
    7 1187840 Dec 24 2004 11:56:48 +00:00 ips.tar
    8 8019 May 03 2005 07:51:54 +00:00 sart
    dmz-i#show ver
    Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.3(11)T2, RELEASE SOFTWARE (fc1)
    ..

    I am trying to follow procedure here:

    http://www.cisco.com/en/US/products...s_configuration_example09186a00801c4246.shtml

    Please advise.

    Thanks.

    MW
     
    wanyalanabi, Jul 30, 2007
    #7