I was under the impression (from past experiences) that SSH self-signed certificates are made up of the Hostname and the Domain Name of the router.
I have been working on a customer network and I can see that the SSH RSA certificate is using the old hostname of the device+domain name but SSH still works both inbound and outbound on the VTY lines!
I thought you had to zeroize the keys and recreate using the crypto key generate rsa command in order to continue to use SSH after a hostname change so that the new certificate contains the new hostname?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...