09-02-2010 04:05 PM
I thought an SSL VPN would be good, but every time I go to connect to it I have to click through security warnings and install a security certificate. Other than that the VPN works; however, there will be less tech-savvy (and patient) users using this VPN, and they will not want to have to click through a bunch of security warnings to get to the VPN. So is there a way I can have the user connect to a web portal once, which will download the VPN AnyConnect software onto their computer, and then after that all they have to do is open the AnyConnect software and type in a username and password, and preferably have the VPN software remember the IP address for them? Also, if this could be done via CCP that would be great; I'm new to Cisco routers and don't know the command line yet. If it can't be done via CCP then I guess I'll have to bite the bullet and do it via command line. Thanks.
09-09-2010 10:53 PM
Well, you might need to read the config guide and command ref if you would like to learn how to use command line.
09-10-2010 08:38 AM
Ok, this is the only link which I found on CCO about using CCP to configure Anyconnect on the router.
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml
But it does not include info on generating the certificate. If you would like to get rid of those certificate popup windows, you have to generate the self-signed certificate like what I mentioned before. Sorry, I have never played with CCP before. But it should be doable on CCP as well.
09-10-2010 12:50 PM
I think I follow what I need to do here except for one detail. When you are saying stuff like fqdn 172.16.182.87 and subject-name CN=172.16.182.87, what is the 172.16.182.87 address? Is that where I would put the IP address my ISP assigned to me?
09-10-2010 01:17 PM
Yes, that's the public IP address which you got from your ISP.
Anyconnect client will use it to connect to your router.
Do you have a static public IP? I saw your router is configured as DHCP client.
09-10-2010 01:19 PM
Yes, it is a static IP assigned by the ISP.
09-10-2010 01:21 PM
Ok, that's good. Otherwise, you have to use DNS name.
09-10-2010 01:37 PM
I'm making progress here. I get to this step "4. crypto pki enroll self-signed" I enter in crypto pki enroll TP-self-signed-41228344 and the message that comes back is:
CA server trustpoint 'TP-self-signed-41228344' is not known.
What am I doing wrong?
09-10-2010 10:27 PM
What trustpoint name did you configure in step 2?
You need to use the same trustpoint name in "crypto pki enroll
You need to check the following configuration as well to use the same trustpoint name which you configured in step 2.
webvpn gateway gateway_1
ssl trustpoint TP-self-signed-4112746227 <<<<< Replace "TP-self-signed-4112746227" with new trustpoint name.
09-13-2010 07:18 AM
Here are the exact steps I followed:
I changed the host name from yourdomain.com to *external IP address*
crypto pki trustpoint TP-self-signed-4112746227
(TP-self-signed-4112746277 was already there, I guess that is the one that CCP created, so I just wanted to edit that one)
enrollment selfsigned
fqdn *external IP Address*
subject-name CN=*external IP address*
rsakeypair test
crypto pki enroll self-signed crypto pki enroll TP-self-signed-4112746227
That's when I get the error. Also, now I don't seem to have any VPN access. When I go to https://*external ip address* I get a page cannot be displayed error.
09-13-2010 08:31 AM
Can you send me the following output?
show crypto ca cert
show crypto key mypub rsa
show run
09-13-2010 10:36 AM
Show Crypto ca cert:
Router Self-Signed Certificate
Status: Available
Certificate Serial Number: 0x2
Certificate Usage: General Purpose
Issuer:
cn=IOS-Self-Signed-Certificate-4112746227
Subject:
Name: IOS-Self-Signed-Certificate-4112746227
cn=IOS-Self-Signed-Certificate-4112746227
Validity Date:
start date: 14:15:27 PCTime Sep 10 2010
end date: 17:00:00 PCTime Dec 31 2019
Associated Trustpoints: TP-self-signed-4112746227
Storage: nvram:IOS-Self-Sig#8.cer
Show crypto key mypub rsa:
% Key pair was generated at: 15:33:19 PCTime Jun 9 2010
Key name: TP-self-signed-4112746227
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data:
% Key pair was generated at: 14:44:41 PCTime Sep 10 2010
Key name: HTTPS_SS_CERT_KEYPAIR
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data:
% Key pair was generated at: 11:00:11 PCTime Sep 13 2010
Key name: TP-self-signed-4112746227.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
show run:
Building configuration...
Current configuration : 15678 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname *host name*
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret *password*
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
crypto pki trustpoint TP-self-signed-4112746227
enrollment selfsigned
fqdn *external ip address*
subject-name CN=*external ip address*
revocation-check none
rsakeypair test
!
crypto pki trustpoint tp-self-signed-4112746277
enrollment selfsigned
fqdn *external ip address*
subject-name CN=*external ip address*
revocation-check crl
rsakeypair test
!
!
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain TP-self-signed-4112746227
certificate self-signed 02
quit
crypto pki certificate chain tp-self-signed-4112746277
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.11.100.1 10.11.100.99
!
ip dhcp pool ccp-pool1
import all
network 10.11.100.0 255.255.255.0
default-router 10.11.100.1
!
!
no ip bootp server
ip domain name *external ip address*
!
multilink bundle-name authenticated
!
!
username administrator privilege 15 secret *password*
username VPNuser privilege 7 secret 5 *password*
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key Cisco1811VPN address *external ip address 2*
crypto isakmp key Cisco1811VPN address *external ip address 3*
!
crypto isakmp client configuration group VPN_users
key *shared key*
pool VPN_Pool
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_users
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA2
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to*external ip address 2*
set peer *external ip address 2*
set transform-set ESP-3DES-SHA
match address 102
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
description Tunnel to*external ip address 3*
set peer *external ip address 3*
set transform-set ESP-3DES-SHA1
match address 106
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 104
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 109
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 107
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
match access-group 110
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 101
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 103
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all SDM_VPN_PT0
match access-group 108
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-cls-sdm-permit-ip-1
match access-group name VNC
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class class-default
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT0
pass
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
!
!
!
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_2
!
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.11.100.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
ip local pool VPN_Pool 10.11.100.50 10.11.100.99
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended SDM_WEBVPN
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended VNC
remark CCP_ACL Category=128
permit ip any host 10.11.100.101
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.11.100.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any host *external ip address*
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.11.100.0 0.0.0.255 10.11.101.0 0.0.0.255
access-list 103 remark CCP_ACL Category=128
access-list 103 permit ip host *external ip address 2* any
access-list 103 permit ip host *external ip address 3* any
access-list 104 remark CCP_ACL Category=0
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 105 remark CCP_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.11.100.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 deny ip 10.11.100.0 0.0.0.255 10.11.101.0 0.0.0.255
access-list 105 permit ip 10.11.100.0 0.0.0.255 any
access-list 106 remark CCP_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 10.11.100.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 107 remark CCP_ACL Category=0
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.11.100.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 108 remark CCP_ACL Category=128
access-list 108 permit ip host *external ip address 3* any
access-list 109 remark CCP_ACL Category=0
access-list 109 remark IPSec Rule
access-list 109 permit ip 10.11.100.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 110 remark CCP_ACL Category=0
access-list 110 remark IPSec Rule
access-list 110 permit ip 10.11.100.0 0.0.0.255 10.11.100.0 0.0.0.255
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 105
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn gateway gateway_1
ip address *external ip address* port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4112746227
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context VPN_Pool
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
!
!
policy group policy_1
functions svc-enabled
svc address-pool "VPN_Pool"
svc keep-client-installed
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
inservice
!
end
09-13-2010 10:54 AM
The problem is that you configured to use keypair "test" in the trustpoint but you did not generate the key with label "test".
Please follow the exact steps below.
1. generate a key with name "test"
crypto key generate rsa modulus 1024 label test
2. remove "ip domain name" If it is configured
no ip domain name xxxx.xxx
3. configure your trustpoint like following
crypto pki trustpoint self-signed
enrollment selfsigned
fqdn
subject-name CN=
rsakeypair test
4. change your host name to IP address.
hostname
5. crypto pki enroll self-signed
6. change your hostname back to its previous name.
7. add "ip domain name" back
8. change webvpn config to point to the new trustpoint
webvpn gateway gateway_1
ssl trustpoint self-signed
Then try the webvpn by using your public IP.
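The mismatch diagnosed in this reply (a trustpoint naming an `rsakeypair` label that was never generated) can be checked mechanically before enrolling. The following is an added example, not part of any post in this thread: a small Python audit over pasted `show run`, `show crypto key mypub rsa` and `show crypto ca cert` text. The sample inputs are constructed, the finding names are hypothetical, and the subject comparison assumes a CN-only `subject-name`.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample condensed from the kinds of output posted in this thread;
# 203.0.113.10 (documentation range) stands in for the redacted public IP.
SHOW_RUN = """\
crypto pki trustpoint TP-self-signed-4112746227
 subject-name CN=203.0.113.10
 rsakeypair test
!
crypto pki trustpoint tp-self-signed-4112746277
 subject-name CN=203.0.113.10
 rsakeypair test
!
webvpn gateway gateway_1
 ssl trustpoint TP-self-signed-4112746227
!
"""
SHOW_KEYS = "Key name: TP-self-signed-4112746227\nKey name: HTTPS_SS_CERT_KEYPAIR\n"
SHOW_CERT = """\
Subject:
  cn=IOS-Self-Signed-Certificate-4112746227
Associated Trustpoints: TP-self-signed-4112746227
"""

def parse_run(text):
    """Return ({trustpoint: {option: value}}, {webvpn gateway: trustpoint})."""
    tps, gws, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):  # works with or without indent
        if m := re.match(r"crypto pki trustpoint (\S+)$", line):
            cur = ("tp", m.group(1))
            tps[m.group(1)] = {}
        elif m := re.match(r"webvpn gateway (\S+)$", line):
            cur = ("gw", m.group(1))
        elif line in ("!", ""):
            cur = None  # "!" closes the current block
        elif cur and cur[0] == "tp" and (
                m := re.match(r"(rsakeypair|subject-name) (\S+)", line)):
            tps[cur[1]][m.group(1)] = m.group(2)
        elif cur and cur[0] == "gw" and (m := re.match(r"ssl trustpoint (\S+)$", line)):
            gws[cur[1]] = m.group(1)
    return tps, gws

def cert_subjects(text):
    """Map trustpoint -> subject CN from 'show crypto ca cert' output."""
    pat = r"Subject:.*?cn=(\S+).*?Associated Trustpoints: (\S+)"
    return {tp: cn for cn, tp in re.findall(pat, text, re.S | re.I)}

def audit(run, keys, certs):
    """Return (finding, object, detail) tuples; an empty list means consistent."""
    tps, gws = parse_run(run)
    key_names = set(re.findall(r"^\s*Key name: (\S+)", keys, re.M))
    subjects = cert_subjects(certs)
    findings = []
    for name, opts in tps.items():  # every rsakeypair label must exist as a key
        label = opts.get("rsakeypair")
        if label and label not in key_names:
            findings.append(("missing-keypair", name, label))
    for gw, tp in gws.items():  # the gateway must point at a usable certificate
        want, have = tps.get(tp, {}).get("subject-name"), subjects.get(tp)
        if tp not in tps:
            findings.append(("undefined-trustpoint", gw, tp))
        elif have is None:
            findings.append(("no-certificate", gw, tp))
        elif want and want.lower() != f"cn={have}".lower():
            findings.append(("stale-certificate", tp, have))  # never re-enrolled
    for a, b in combinations(sorted(tps), 2):  # near-identical names, likely typo
        if SequenceMatcher(None, a.lower(), b.lower()).ratio() > 0.9:
            findings.append(("lookalike-trustpoints", a, b))
    return findings
```

A `stale-certificate` finding means the gateway is still presenting a certificate issued before the trustpoint's `subject-name` was changed, which is why clients keep seeing name-mismatch warnings until enrollment succeeds.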
09-13-2010 12:38 PM
I'm following your steps exactly but when I get to
4. change your host name to IP address.
hostname
I get an error that says hostname contains illegal characters. There doesn't seem to be any other errors so I continue on. I'm still not getting the web page when I type in the IP address; I'm still getting a page cannot be displayed error. Also the hostname and domain name are mixed up. The hostname is the external IP address and the domain name is Cisco_Router. Should it be this way?
09-13-2010 01:54 PM
Never mind the part about the hostname and domain name being mixed up, I got that fixed, but the SSL VPN still isn't working.
09-13-2010 02:27 PM
Can you paste the following again?
show crypto ca cert
show crypto key mypub rsa
show run