Hi,
I have Router Cisco 2811 Bundle w/AIM-VPN/SSL-2,Adv. IP Serv,10 SSL LIC, 64F/256D.
I want to generate RSA key to create secure VPN connection to other CISCO router. How to do it? The key need to have 1024 Bits. Or can I add other RSA key if I have generated it in other way?
In the router, in VPN options there is RSA key feature. I have added a key, but after restarting the router, it disappear?
Thanks
Darko's
Hi Darko's,
To simply generate a 1024 bit RSA key on the command line use:
cert-server (config)#crypto key generate rsa general-keys modulus 1024 The name for the keys will be: cert-server.ignet.co.uk % The key modulus size is 1024 bits % Generating 1024 bit RSA keys ...[OK] cert-server (config)#^Z cert-server #copy run start
If you need a hand with the other elements of setting up the VPN, give me a shout.
Joe ========================== Igneous Networks Technical Director
Hi Below are a helpfull documents. Cisco Configuration Examples and TechNotes:
quoted text -
Thank you!!!
Can you please tell me one more think. I have generated the RSA key using RSA option in VPN. Next I saved the RSA key on my PC. But after restarting the router, the key is gone. I think due to the fact that I haven't press the SAVE button. ........... How can be the RSA key upload from my PC? The RSA key on my PC is in .txt file format. Can it be done?
Can you please tell me one more think. I have generated the RSA key using RSA option in VPN. Next I saved the RSA key on my PC. But after restarting the router, the key is gone. I think due to the fact that I haven't press the SAVE button. ........... How can be the RSA key upload from my PC? The RSA key on my PC is in .txt file format. Can it be done?
Hi Darko's,
I don't know of a method of directly pasting RSA keys into a Cisco configuration from a text file. Probably the quickest way to solve the issue is to generate the keys again. In the future, if you want to store the keys on your PC separately then you need to generate them as 'exportable' and use PEM-formatted files. See:
Hope this helps.
Joe ========================== Igneous Networks Technical Director
Hi Joe,
I was reading through your response. Thanks. I am looking at a similar scenario where I have found the procedure to setup my cisco VPN client to comunicate to VPN IOS router.
However i am not able to key in the command " crypto isakmp policy
3"Here are the displayed config options:
dmz-i(config)#crypto ca Certification authority engine Enter a crypto engine configurable menu key Long term key operations pki Public Key components wui Crypto HTTP configuration interfaces
dmz-i(config)#crypto
dmz-i#show flash
-#- --length-- -----date/time------ path
1 27092556 Dec 24 2004 11:48:30 +00:00 c3845-spservicesk9-mz. 123-11.T2.bin 2 1541 Dec 24 2004 11:55:30 +00:00 sdmconfig-38xx.cfg 3 3885056 Dec 24 2004 11:55:52 +00:00 sdm.tar 4 1463 Dec 24 2004 11:56:04 +00:00 home.html 5 270848 Dec 24 2004 11:56:18 +00:00 home.tar 6 93095 Dec 24 2004 11:56:32 +00:00 attack-drop.sdf 7 1187840 Dec 24 2004 11:56:48 +00:00 ips.tar 8 8019 May 03 2005 07:51:54 +00:00 sart dmz-i#show ver Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.3(11)T2, RELEASE SOFTWARE (fc1) .I am trying to follow procedure here:
Thanks.
MW
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.