01-26-2023 02:01 AM
Hey,
I am trying to re-generate a separate key-pair for SSH. Some of the sites currently use the same key-pair for SSH and GET VPN. I want to have separate keys so the risk of accidental deletion is prevented for GET VPN keys.
These are all Cisco IOS XE routers and switches. They are in production. We use PKI certificates for authentication on IKE phase 1. Will regenerating separate SSH keys affect the GET VPN encrypted traffic? Or will it take down network traffic in general?
01-26-2023 03:47 AM
- Regenerating separate SSH keys for your Cisco IOS XE routers and switches should not affect the GET VPN encrypted traffic or take down network traffic in general. The SSH key pair is used for authentication to the device's command-line interface (CLI) and does not affect the encryption of the GET VPN traffic.
M.
01-26-2023 03:24 AM
I haven't tried this before, but how is the same key pair being used for GET VPN and SSH?
01-26-2023 12:32 PM
Thanks for the reply. One more question.
Will updating the Identity certificate for an IOS XE switch or router cause traffic loss for GETVPN?
I am updating the certificates for ISAKMP policy authentication to a cert signed by a new CA intermediate server.
01-26-2023 01:01 PM
@Dakenrick create a key pair with a label and then configure SSH or the VPN trustpoint to use that key pair, that way you know it will not conflict.
Example:
crypto key generate rsa modulus 2048 label SSH_RSA
!
ip ssh rsa keypair-name SSH_RSA
Or do the same for the VPN certificate:
crypto key generate rsa modulus 2048 label VPN_KEY
!
crypto pki trustpoint VPN_TRUSTPOINT
rsakeypair VPN_KEY
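
Added example, not part of the original thread or Cisco's tooling: a small Python check that reads a saved running-config and reports where SSH and a PKI trustpoint share a key pair label, or where either is left unpinned. The sample configs are constructed, and treating an unpinned SSH or trustpoint as a finding assumes it would otherwise fall back to the device's default key pair.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
SHARED = """\
hostname R1
ip ssh rsa keypair-name R1.example.com
crypto pki trustpoint VPN_TRUSTPOINT
 enrollment terminal
 rsakeypair R1.example.com
"""

SEPARATE = """\
hostname R1
ip ssh rsa keypair-name SSH_RSA
crypto pki trustpoint VPN_TRUSTPOINT
 enrollment terminal
 rsakeypair VPN_KEY 2048
"""

def audit_keypairs(config: str) -> list[str]:
    """Return findings where SSH and a PKI trustpoint may share an RSA key pair."""
    ssh_key = None
    trustpoints = {}   # trustpoint name -> key pair label (None = not pinned)
    current = None     # trustpoint block currently being parsed
    for line in config.splitlines():
        if m := re.match(r"ip ssh rsa keypair-name (\S+)", line):
            ssh_key = m.group(1)
        if m := re.match(r"crypto pki trustpoint (\S+)", line):
            current = m.group(1)
            trustpoints[current] = None
        elif current and (m := re.match(r"\s+rsakeypair (\S+)", line)):
            trustpoints[current] = m.group(1)
        elif not line.startswith(" "):
            current = None   # any unindented line ends the trustpoint block
    findings = []
    if ssh_key is None:
        # Assumption: without this command SSH uses the default key pair.
        findings.append("SSH is not pinned to a labelled key pair")
    for tp, key in trustpoints.items():
        if key is None:
            findings.append(f"trustpoint {tp} is not pinned to a labelled key pair")
        elif key == ssh_key:
            findings.append(f"trustpoint {tp} and SSH both use key pair {key}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("SHARED", SHARED), ("SEPARATE", SEPARATE)):
        print(name, audit_keypairs(cfg) or "no findings")
```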