DMVPN Down After Generating Crypto Key

Russell Stamey
Level 1

Hi all,

We have a very large DMVPN network that uses certificates. At one of the spoke sites I generated a new crypto key. While the key was being created, I lost connection to the site. It appears that the DMVPN tunnel is down.

I was not aware that a crypto key was needed if the DMVPN was using certificates.

My question is, what do I need to do to get the tunnel back up? I have no clue what I would need to do since I don't understand why a crypto key is needed for the DMVPN tunnel.

2 Replies

Marcin Latosiewicz
Cisco Employee

RSA keys (I assume those are the ones you mention) are used as part of the certificate (the public key at least). When you generated new RSA keys (depending on how you did it), you most likely cleared the old RSA keys, so your current certificate no longer matches the keys you have.

You should re-enroll your certificates. 

You can do it by removing the trustpoint and authenticating & enrolling it again - depending on your config. 

I had the same problem
Just enrolled to the previous pki certificate and tunnel went up again
I used:

You can check your PKI using
sh crypto pki trustpoints

or show run

Authenticate using

config t

crypto pki trustpoint [name of the certificate]
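
The re-enrollment sequence the replies describe, written out as an added example that is not part of the original thread. TP-NAME, KEY-LABEL and the enrollment URL are placeholders, and URL-based enrollment is an assumption; use the settings recorded from the existing trustpoint.

```ios
! Run from the console or other out-of-band access, since the tunnel is down.
! TP-NAME, KEY-LABEL and the enrollment URL are placeholders (assumptions).

! 1. Record the current state before changing anything.
show crypto pki trustpoints
show crypto pki certificates
show crypto key mypubkey rsa
show running-config | section crypto pki trustpoint

! 2. Remove the trustpoint. This also removes the certificates tied to it,
!    which no longer match the regenerated RSA key pair.
configure terminal
 no crypto pki trustpoint TP-NAME

! 3. Re-create the trustpoint with the settings recorded in step 1.
!    KEY-LABEL must be the label of the key pair that now exists on the router.
 crypto pki trustpoint TP-NAME
  enrollment url http://ca.example.invalid
  rsakeypair KEY-LABEL
  exit

! 4. Fetch the CA certificate. Compare the displayed fingerprint with the
!    value obtained from the CA administrator before accepting it.
 crypto pki authenticate TP-NAME

! 5. Request a new identity certificate for the current key pair.
!    If the CA does not grant automatically, the request stays pending
!    until an administrator approves it.
 crypto pki enroll TP-NAME
 end

! 6. Confirm the new certificate is installed and the tunnel re-establishes.
show crypto pki certificates
show crypto isakmp sa
! (use "show crypto ikev2 sa" instead if the DMVPN runs IKEv2)
show dmvpn
```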