11-20-2008 02:20 PM
Man o man I'm getting burnt out over all this.
I wiped out my VPN config to start from scratch.
When I entered:
no crypto pki certificate chain TP-self-signed-3884018817
It asked:
Are you sure (y/n) Y - but I wasn't sure.
It replied with
"be sure to ask your CA administrator to revoke your certificates"
I hope I can still generate a rsa key pair
11-20-2008 08:02 PM
No worries, you can always create new RSA keys. It depends what are you trying to use them for.
Were you using them for ISAKMP authentication or for SSH connection?
Thanks,
Remi
11-20-2008 11:48 PM
I'm trying to setup my VPN. SDM created a bunch of enrties that I wanted to delete.
Now I can't seem to generate the chain with all the codes.
This is scary
11-21-2008 06:14 AM
How about going to CLI and deleteing the RSA keys first with "crypto key zeroize rsa" from global configuration mode.
Also try the following commands in exec privileged mode:
"show crypto key mypubkey rsa"
"show crypto key pubkey-chain rsa"
You should see no entries after deleteing the rsa keys with the above command.
It looks like you were trying to generate self-signed certificates for IPSec VPN authentication, am I right?
I don't do much work with SDM though because you don't have much control over what commands SDM is going to deliver to the router config. Try using more CLI, you will aslo understand more.
If you want you can attach your config file so I could take a look.
Hope it helps.
Remi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide