04-07-2014 10:29 AM - edited 02-21-2020 07:35 PM
Hi all,
We have a very large DMVPN network that uses certificates. At one of the spoke sites I generated a new crypto key. While the key was being created, I lost connection to the site. It appears that the DMVPN tunnel is down.
I was not aware that a crypto key was needed if the DMVPN was using certificates.
My question is, what do I need to do to get the tunnel back up? I have no clue what I would need to do since I don't understand why a crypto key is needed for the DMVPN tunnel.
04-08-2014 01:38 AM
RSA keys (I assume those are the ones you mean) are used as part of the certificate (the public key at least). When you generated new RSA keys (depending on how you did it), you most likely cleared the old RSA keys, so your current certificate no longer matches the keys you have.
You should re-enroll your certificates.
You can do it by removing the trustpoint and authenticating & enrolling it again - depending on your config.
08-24-2018 11:59 AM
I had the same problem.
Just enrolled to the previous PKI certificate and the tunnel went up again.
I used:
You can check your PKI using
sh crypto pki trustpoints
or show run
Authenticate using
config t
crypto pki trustpoint [name of the certificate]
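The re-enrollment sequence the replies above describe, written out as an added example that is not part of any post in this thread. EXAMPLE-TP and the enrollment URL are placeholders; the trustpoint's real name and settings are the ones already shown by show run.

```ios
! Added example: IOS commands to confirm the key/certificate mismatch and
! re-enroll. EXAMPLE-TP and the URL are placeholders, not values from the thread.
!
! 1. Inspect the current state (exec mode)
show crypto pki trustpoints
show crypto key mypubkey rsa
! The identity certificate's public key must correspond to the key pair above;
! after a key regeneration it still carries the old public key.
show crypto pki certificates verbose
!
! 2. Save the existing trustpoint settings before touching them
show running-config | section crypto pki trustpoint
!
! 3. Remove and re-create the trustpoint, then authenticate and enroll
configure terminal
 ! Removing the trustpoint deletes the certificates stored under it
 no crypto pki trustpoint EXAMPLE-TP
 crypto pki trustpoint EXAMPLE-TP
  ! Placeholder; restore the enrollment settings saved in step 2
  enrollment url http://ca.example.invalid
  exit
 ! Fetch the CA certificate and accept it after checking its fingerprint
 crypto pki authenticate EXAMPLE-TP
 ! Request a new identity certificate for the current RSA key pair
 crypto pki enroll EXAMPLE-TP
 end
!
! 4. Verify the new certificate and the tunnel
show crypto pki certificates
show dmvpn
```

Compare the CA certificate fingerprint shown during the authenticate step against a value obtained from the CA administrator before accepting it.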