12-29-2008 11:49 AM
Hello, I have this router as part of my DMVPN and I'd like to set up SSH to the outside interface. I have to create a rsa key but my options are as follows.
BLKLAN2800-1(config)#crypto key generate rsa ?
general-keys Generate a general purpose RSA key pair for signing and
encryption
usage-keys Generate separate RSA key pairs for signing and encryption
<cr>
I've tried both as "un exported" and "exportable"
When I do this(modulus is 1024 btw) the DMVPN tunnels stop working and I get the error message below.
*Dec 29 19:43:34.039: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.
*Dec 29 19:43:34.067: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.
When I do a "sh cryp isa sa" I see this.
BLKLAN2800-1#sh crypto isa sa
dst src state conn-id slot status
x.x.x.x x.x.x.x MM_KEY_EXCH 1 0 ACTIVE
x.x.x.x x.x.x.x MM_KEY_EXCH 2 0 ACTIVE
any ideas on how I can implement ssh without interfering with the dmvpn portion?
01-02-2009 12:59 PM
The explanation for the the error message is that the default policy is being used because the local configured policies did not match with the peer's policies.
05-01-2009 10:04 AM
Have you solve you problem?
I have the same error.
05-01-2009 10:25 AM
I upgraded the IOS. The IOS that was on it didn't have that option and wouldn't work with DMVPN phase 3. After the upgrade everything was fine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: