I got this error when I tried to change the hostname on a PIX 501. I have discovered that the PIX uses the host name and domain name to generate the RSA key. Is the following enough to sort this problem out?

#ca zeroize rsa
#hostname new_name
#ca gen rsa key 512
#ca save all

What are the consequences? Will that disconnect my VPN users?
You shouldn't need to zeroize the rsa, but it wouldn't hurt to do so. The procedure looks fine.
I believe that eventually, yes: the next time the key would normally be negotiated (typically one hour), the negotiation would fail due to the RSA key change, resulting in a disconnect. If you have host VPN client connections, I don't have a prediction as to what would happen at that point. For site-to-site connections, as soon as the remote site had data to send, it would attempt to reconnect, and that reconnection should work. So my prediction is that site-to-site connections might experience a brief pause for renegotiation but would be fine otherwise, while VPN clients might possibly have to request to reconnect.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.