Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

DMVPN Down After Generting Crypto Key

Hi all,

We have a very large DMVPN network that uses certificates. At one of the spoke sites I generated a new crypto key. While the key was being created, I lost connection to the site. It appears that the DMVPN tunnel is down.

I was not aware that a crypto key was needed if the DMVPN was using certificates.


My question is, what do I need to do to get the tunnel back up? I have no clue what I would need to do since I dont understand why a crypto key is needed for the DMVPN tunnel.

Cisco Employee

RSA (I assume you mention

RSA (I assume you mention those) keys are used for as part of certificate (public key at least) when you generated new RSA keys (depending how you did it) you most likely cleared the old RSA keys, making your current certificate not matching they keys you have. 


You should re-enroll your certificates. 

You can do it by removing the trustpoint and authenticating & enrolling it again - depending on your config. 

CreatePlease to create content