Impact of zeroize on frame-relay encryption

Posted on 2009-12-30
Last Modified: 2013-12-12
Hello expert,  

I have a hub-and-spoke layout and I am using DMVPN to secure my traffic (pre-shared keys are used for my secure channel).
This is a frame-relay environment.
Recently I have encountered a few corrupt RSA keys on several of my spokes and was advised to regenerate my RSA key.
I tested this in my lab but found I have to zeroize all my RSA keys and then regenerate the same.
In my lab I can only test the effect on one router, since I am unable to simulate a frame-relay cloud to test the effect on my DMVPN tunnels.
I need to verify whether the zeroizing and regeneration of my RSA key is just confined to my SSL connection from PC to remote router, or whether this will affect my secure tunnel encryption.

crypto key zeroize
(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: y
(config)#crypto key gen rsa

Question by: bobmaj

    Expert Comment


    This certificate is self-signed and it is being used for HTTPS or SSH. Since you are using preshared keys you are able to remove the keys without any impact on your environment. This will not drop your VPN connections or cause downtime for them.


    Author Comment

    Hello expert,

    >> Since you are using preshared keys you are able to remove the keys without any impact on your environment

    If I was not using pre-shared keys, would removal of the keys have an impact? I am just curious.


    Accepted Solution


    If you were using certificates for authentication then you could face issues with VPNs. You will not have established SAs because you will not have a certificate on your device. To be more direct, you will not have established VPN tunnels since they will be stuck in PHASE 1.
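
A pre-change check that follows from the answers above, as an added example that is not part of the original thread: it reads a saved running-config and lists what depends on the router's RSA keys before `crypto key zeroize rsa` is run. The config sample is constructed, the function names are hypothetical, and only IKEv1 `crypto isakmp policy` blocks are examined.

```python
import re

# Constructed sample of a spoke's running-config (not taken from the thread).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp policy 20
 encr aes
 group 2
crypto isakmp key EXAMPLE-PSK address 0.0.0.0 0.0.0.0
!
ip ssh version 2
ip http secure-server
"""

def isakmp_auth_methods(config):
    """Map ISAKMP policy number -> authentication method.
    IOS omits defaults from running-config; the default is rsa-sig."""
    policies = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = int(m.group(1))
            policies[current] = "rsa-sig"  # until an explicit line says otherwise
            continue
        if current is not None and line.startswith(" "):
            a = re.match(r"\s+authentication (\S+)", line)
            if a:
                policies[current] = a.group(1)
        else:
            current = None  # left the policy sub-mode
    return policies

def zeroize_impact(config):
    """List what in this config relies on the router's RSA keys."""
    hits = [f"isakmp policy {n} ({auth})"
            for n, auth in sorted(isakmp_auth_methods(config).items())
            if auth in ("rsa-sig", "rsa-encr")]
    if re.search(r"^ip ssh\b", config, re.M):  # heuristic: SSH settings present
        hits.append("ssh")
    if re.search(r"^ip http secure-server\b", config, re.M):
        hits.append("https")
    if re.search(r"^crypto pki trustpoint\b", config, re.M):
        hits.append("pki trustpoint")
    return hits
```

A result containing only `ssh` and `https` matches the pre-shared-key case in the first answer; any `isakmp policy` entry in the result is the certificate case described in the accepted solution.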

