Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

c2811 SSH settings

Hello, I have this router as part of my DMVPN and I'd like to set up SSH to the outside interface. I have to create a rsa key but my options are as follows.

BLKLAN2800-1(config)#crypto key generate rsa ?

general-keys Generate a general purpose RSA key pair for signing and


usage-keys Generate separate RSA key pairs for signing and encryption


I've tried both as "un exported" and "exportable"

When I do this(modulus is 1024 btw) the DMVPN tunnels stop working and I get the error message below.

*Dec 29 19:43:34.039: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.

*Dec 29 19:43:34.067: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.

When I do a "sh cryp isa sa" I see this.

BLKLAN2800-1#sh crypto isa sa

dst src state conn-id slot status

x.x.x.x x.x.x.x MM_KEY_EXCH 1 0 ACTIVE

x.x.x.x x.x.x.x MM_KEY_EXCH 2 0 ACTIVE

any ideas on how I can implement ssh without interfering with the dmvpn portion?


Re: c2811 SSH settings

The explanation for the the error message is that the default policy is being used because the local configured policies did not match with the peer's policies.

New Member

Re: c2811 SSH settings

Have you solve you problem?

I have the same error.

New Member

Re: c2811 SSH settings

I upgraded the IOS. The IOS that was on it didn't have that option and wouldn't work with DMVPN phase 3. After the upgrade everything was fine.

CreatePlease to create content