Hi,
I got this error when I tried to change hostname on PIX 501. I have discovered that pix uses host name and domain name to generate rsa key. Is the following enough to sort this problem out? #ca zeroize rsa #hostname new_name #ca gen rsa key 512 #ca save all What are the consequences? Will that disconnect my vpn users?
Thanks and regards, lesniak81
You shouldn't need to zeroize the rsa, but it wouldn't hurt to do so. The procedure looks fine.
I believe that eventually, Yes: the next time the key would normally be negotiated (typically one hour), that due to the RSA key change, the negotiation would fail, resulting in a disconnect. If you have host VPN client connections, I don't have a prediction as to what would happen at that point. For site-to-site connections, as soon as the remote site had data to send, it would attempt to reconnect, and that reconnection should work. So my prediction is that site-to-site connections might experience a brief pause for renegotation, but would be fine otherwise, but possibly VPN clients might have to request to reconnect.
THANKS! :-)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.