Following situation. We have 3 C7140's to setup the needed VPN tunnels to the remote C7120 or C1710. The way IKE is configured is to use rsa_encr as authentication methode. This means using public key's of eachother to authenticate. Should a central 7140 fail and replaced, then the public key of that new router will be different from the old one. This means that the config of all remote routers must be updated to have them working again via the replaced router.
This is a very big task, so is there a way to keep the created key-pair of the broken C7140 on the new C7140 ? If not, is there a trick we can use to avoid this situation ?
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...