"%Key pair with hostname Company.companyname.com will be invalid"

Discussion in 'Cisco' started by lesniak81, Jul 21, 2008.

  1. lesniak81

    lesniak81 Guest


    I got this error when I tried to change the hostname on a PIX 501. I have
    discovered that the PIX uses the host name and domain name to generate the RSA
    key. Is the following enough to sort this problem out?
    #ca zeroize rsa
    #hostname new_name
    #ca gen rsa key 512
    #ca save all
    What are the consequences? Will that disconnect my VPN users?

    Thanks and regards,
    lesniak81, Jul 21, 2008

  2. You shouldn't need to zeroize the rsa, but it wouldn't hurt to do so.
    The procedure looks fine.
    I believe that eventually, Yes: the next time the key would normally
    be negotiated (typically one hour), that due to the RSA key change,
    the negotiation would fail, resulting in a disconnect. If you have
    host VPN client connections, I don't have a prediction as to what would
    happen at that point. For site-to-site connections, as soon as
    the remote site had data to send, it would attempt to reconnect,
    and that reconnection should work. So my prediction is that site-to-site
    connections might experience a brief pause for renegotiation, but
    would be fine otherwise, but possibly VPN clients might have to
    request to reconnect.
    Walter Roberson, Jul 21, 2008

  3. lesniak81

    lesniak81 Guest

    THANKS! :)
    lesniak81, Jul 21, 2008