Cisco Community
English
Register
Join the Webex special event conversation for a chance to win NEW Webex swag!
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Not able to see RSA keys in the FWSM configuration

Labels:
1035
Views
0
Helpful
0
Comments
TCC_2
Advocate
‎06-22-2009 06:07 PM
edited on: ‎03-08-2019 ‎06:27 PM

Core issue

The RSA keys that are needed for secure shell (SSH) access to the device do not appear in the configuration. The cryptochecksum is all zeros in the output of the show run command, and there is no output from the show ca mypubkey rsa command.

When you issue the write memory all command from the system context, the Firewall Services Module (FWSM) indicates that the command has failed.

Resolution

Issue the write memory and ca save all commands on the active FWSM. The saved configurations and RSA keys can be checked with the show start and show ca mypubkey rsa commands.

Note: The all option for the write memory command in FWSM is introduced in version 3.1(1).

The general purpose key is generated when the ca generate rsa key command is issued and the encryption key is for SSH. The encryption key does not show up until a user SSHs to the FWSM.

0 Helpful
Latest Contents
ISW CWA & PROFILING
Created by Rami Ibrahim on 06-13-2021 05:01 AM
0
0
0
0
Hi Guys, Just reading about ISE profiling I got a little bit confused , I can imagine a case where CWA is configured on ISE along with Profiling (whatever probes enabled).  I know that CWA consist of two phases and phase 1 main goal is to r... view more
Cannot establish OSPF neighbor with loopback 3.3.3.3 in ASAv
Created by Charlie1010 on 06-13-2021 12:45 AM
14
0
14
0
I have established OSPF neighbors with ASAv and routers Outside, dmz_b, inside_1 and inside2.Each router has its own loopback interface from 1.1.1.1 to 4.4.4.4 as below showed.  But 3.3.3.3 cannot establish OSPF neighbor of ASAv. But I have adve... view more
Cisco Anyconnect Secure Mobility Client Popups
Created by fkuhle on 06-13-2021 12:27 AM
2
0
2
0
Hi, I am getting a pop up from 'Cisco Anyconnect Secure Mobility Client' on my Mac which says "The VPN client agent was unable to create the client DNS plugin manager.".  I have uninstalled Cisco Anyconnect Secure Mobility Client but I'm still g... view more
Is there a way to debug DACL pushed from ISE??
Created by MALi-786 on 06-12-2021 11:54 PM
2
0
2
0
ISE is pushing DACL on a switch port but my required communication is not working. Just wondering if there is a way I can debug or see what is being blocked by this DACL???  Kindly help.
DNS not working w/ IPv6 on Firepower 1120
Created by dposmondsr7367 on 06-12-2021 09:03 AM
0
0
0
0
I have a new Firepower 1120 that is working today after some help from members of the community.  I have found that all of my Windows systems running IPv4 have proper DNS records and can access URLs on the outside.  But any device that is IPv6 d... view more
Content for Community-Ad