"%Key pair with hostname Company.companyname.com will be invalid"

Discussion in 'Cisco' started by lesniak81, Jul 21, 2008.

  1. lesniak81

    lesniak81 Guest

    Hi,

    I got this error when I tried to change the hostname on a PIX 501. I have
    discovered that the PIX uses the host name and domain name to generate the RSA
    key. Is the following enough to sort this problem out?
    #ca zeroize rsa
    #hostname new_name
    #ca gen rsa key 512
    #ca save all
    What are the consequences? Will that disconnect my VPN users?

    Thanks and regards,
    lesniak81
     
    lesniak81, Jul 21, 2008
    #1

  2. You shouldn't need to zeroize the rsa, but it wouldn't hurt to do so.
    The procedure looks fine.
    I believe that eventually, Yes: the next time the key would normally
    be negotiated (typically one hour), that due to the RSA key change,
    the negotiation would fail, resulting in a disconnect. If you have
    host VPN client connections, I don't have a prediction as to what would
    happen at that point. For site-to-site connections, as soon as
    the remote site had data to send, it would attempt to reconnect,
    and that reconnection should work. So my prediction is that site-to-site
    connections might experience a brief pause for renegotiation, but
    would be fine otherwise, but possibly VPN clients might have to
    request to reconnect.
     
    Walter Roberson, Jul 21, 2008
    #2

  3. lesniak81

    lesniak81 Guest

    THANKS! :)
     
    lesniak81, Jul 21, 2008
    #3
