Impact of zeroize on frame-relay encryption

Posted on 2009-12-30
Last Modified: 2013-12-12
Hello expert,

I have a hub and spoke layout and I am using DMVPN to secure my traffic. (Preshared keys are used for my secure channel.)
This is a frame-relay environment.
Recently I have encountered a few corrupt RSA keys on several of my spokes and was advised to regenerate my RSA key.
I tested this in my lab but found I have to zeroize all my RSA keys and then regenerate the same.
In my lab I can only test the effect on one router, since I am unable to simulate a frame-relay cloud to test the effect on my DMVPN tunnels.
I need to verify whether the zeroizing and regeneration of my RSA key is just confined to my SSL connection from PC to remote router, or whether this will affect my secure tunnel encryption.

crypto key zeroize
(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: y
(config)#crypto key gen rsa


Regards
Question by:bobmaj

Expert Comment

by:predragpetrovic
ID: 26144962
Hi,

this certificate is self-signed and it is being used for HTTPS or SSH. Since you are using preshared keys you are able to remove the keys without any impact on your environment. This will not drop your VPN connections or cause downtime for them.

predrag

Author Comment

by:bobmaj
ID: 26146314
Hello expert,

>> Since you are using preshared keys you are able to remove the keys without any impact on your environment

If I was not using preshared keys, would removal of the keys have an impact? I am just curious.


Accepted Solution

by:
predragpetrovic earned 2000 total points
ID: 26146349
Hi,

If you were using certificates for authentication then you could face issues with VPNs. You will not have established SAs because you will not have a certificate on your device. To be more direct, you will not have established VPN tunnels since they will be stuck in PHASE 1.

predrag
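
A pre-change check for the distinction drawn in the answers above, as an added example that is not part of the original thread: it reads a saved running config and reports which ISAKMP policies authenticate with RSA rather than preshared keys, plus the trustpoints and management services present. The sample configs, the names EXAMPLE-KEY and EXAMPLE-CA, and both function names are constructed; it assumes IOS leaves the default method (rsa-sig) out of the running config.

```python
import re

# Constructed sample configs for illustration (not from the original thread).
PSK_SPOKE = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
ip http secure-server
line vty 0 4
 transport input ssh
"""
CERT_SPOKE = """\
crypto pki trustpoint EXAMPLE-CA
 enrollment url http://ca.example.invalid
crypto isakmp policy 10
 encr aes
ip http secure-server
"""

def isakmp_auth_methods(config):
    """Map each ISAKMP policy number to its authentication method."""
    methods, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            current = int(m.group(1))
            # Assumption: no 'authentication' line means the default, rsa-sig.
            methods[current] = "rsa-sig"
        elif current is not None and line.startswith(" "):
            m = re.match(r"\s+authentication (\S+)", line)
            if m:
                methods[current] = m.group(1)
        else:
            current = None  # left the policy sub-block
    return methods

def zeroize_impact(config):
    """Summarise what 'crypto key zeroize rsa' could touch on this router."""
    rsa = sorted(p for p, a in isakmp_auth_methods(config).items()
                 if a != "pre-share")
    mgmt = [name for name, pat in (("https", r"^ip http secure-server"),
                                   ("ssh", r"^\s*transport input .*\bssh\b"))
            if re.search(pat, config, re.M)]
    return {"ike_policies_using_rsa": rsa,
            "trustpoints": re.findall(r"^crypto pki trustpoint (\S+)", config, re.M),
            "management_services": mgmt}
```

An empty ike_policies_using_rsa list corresponds to the preshared-key case in the first answer; a non-empty list or any trustpoint is the certificate case in the accepted answer, where tunnels would not get past phase 1 until the keys and certificates are restored.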