Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Moving a key-pair from one router to another

Following situation. We have 3 C7140's to setup the needed VPN tunnels to the remote C7120 or C1710. The way IKE is configured is to use rsa_encr as authentication methode. This means using public key's of eachother to authenticate. Should a central 7140 fail and replaced, then the public key of that new router will be different from the old one. This means that the config of all remote routers must be updated to have them working again via the replaced router.

This is a very big task, so is there a way to keep the created key-pair of the broken C7140 on the new C7140 ? If not, is there a trick we can use to avoid this situation ?


Re: Moving a key-pair from one router to another

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

CreatePlease to create content