
ASA: Crypto key size & domain-name changes effect

raza555
Level 3

Hi,

 

I want to standardise the crypto keys on the production environment ASA to 2048; as you can see from the output below, they are currently a variety of sizes.

I also need to change the domain name.

Please suggest whether it will affect any VPN or create any other issue. Please suggest the best steps to follow, to minimize the effect.

Belrom1# show crypto key mypubkey rsa

Key pair was generated at: 20:18:25 BST May 22 2013

Key name: <Default-RSA-Key>

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Key pair was generated at: 15:39:05 BST Sep 10 2014

Key name: vpn

 Usage: General Purpose Key

 Modulus Size (bits): 1024

Key pair was generated at: 12:39:25 UTC Dec 11 2014

Key name: VPN2048

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Key pair was generated at: 11:00:21 UTC Mar 15 2016

Key name: <Default-RSA-Key>.server

 Usage: Encryption Key

 Modulus Size (bits): 768

Key pair was generated at: 17:05:15 BST Oct 11 2016

Key name: ASDM_LAUNCHER

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Key pair was generated at: 10:49:32 UTC Nov 14 2016

Key name: ra1.2016.key

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Key pair was generated at: 13:46:15 BST Aug 8 2018

Key name: VPN_Belrom1_KEY

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Key pair was generated at: 13:34:45 BST Oct 10 2019

Key name: VPN_Belrom1_KEY_2019

 Usage: General Purpose Key

 Modulus Size (bits): 2048

Belrom1#

1 Reply

Cristian Matei
VIP Alumni

Hi,

 

Based on the output, you have several RSA key-pairs, and based on the names/labels of the RSA keys, these were supposed to be used for VPN:

    Key name: vpn
    Key name: VPN2048
    Key name: VPN_Belrom1_KEY
    Key name: VPN_Belrom1_KEY_2019

If certificates have been issued based on any of those key-pairs, and these certificates are actively/currently used for IPsec/SSL VPN, you would need to request new certificates if you delete the keys and create new ones.

If you want to use different RSA keys for different VPNs, make sure to specify the RSA key-pair label/name to be used within your trustpoint configuration.

 

Regards,

Cristian Matei.
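
The check implied by the reply, as an added example that is not part of the original thread: parse the `show crypto key mypubkey rsa` output together with the trustpoint configuration to list every key below 2048 bits and the trustpoints that reference it, since those are the certificates that would need re-enrolment. The trustpoint names and both sample texts are constructed, and the fallback to `<Default-RSA-Key>` for a trustpoint without a `keypair` line is an assumption.

```python
import re
MIN_BITS = 2048  # target size from the question
# Constructed sample: key names and sizes from the question, trimmed to the parsed fields.
SHOW_KEYS = """\
Key name: vpn
 Modulus Size (bits): 1024
Key name: <Default-RSA-Key>.server
 Modulus Size (bits): 768
Key name: VPN_Belrom1_KEY_2019
 Modulus Size (bits): 2048
"""
# Constructed trustpoint config; the trustpoint names are hypothetical.
SHOW_TRUSTPOINTS = """\
crypto ca trustpoint TP_OLD_VPN
 keypair vpn
crypto ca trustpoint TP_VPN_2019
 keypair VPN_Belrom1_KEY_2019
"""

def parse_keys(text):
    """Map key label -> modulus bits from 'show crypto key mypubkey rsa' output."""
    keys, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*Key name:\s*(\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s*Modulus Size \(bits\):\s*(\d+)", line)) and name:
            keys[name] = int(m.group(1))
    return keys

def parse_trustpoints(text):
    """Map trustpoint -> key-pair label from the trustpoint running-config."""
    tps, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"crypto ca trustpoint (\S+)", line):
            current = m.group(1)
            tps[current] = "<Default-RSA-Key>"  # assumed fallback when no keypair line
        elif (m := re.match(r"\s+keypair (\S+)", line)) and current:
            tps[current] = m.group(1)
    return tps

def audit(keys_text, tp_text):
    """Return (label, bits, trustpoints using it) for each key below MIN_BITS."""
    keys, tps = parse_keys(keys_text), parse_trustpoints(tp_text)
    return [(k, b, sorted(t for t, kp in tps.items() if kp == k))
            for k, b in keys.items() if b < MIN_BITS]

if __name__ == "__main__":
    for label, bits, used_by in audit(SHOW_KEYS, SHOW_TRUSTPOINTS):
        print(f"{label}: {bits} bits, re-enrol before deleting: {used_by or 'none'}")
```

An undersized key with an empty trustpoint list is not referenced by any trustpoint in the supplied configuration; one with entries has certificates that depend on it.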
