Posted by lesniak81 on July 21, 2008, 10:18 am
On Jul 21, 3:09 pm, rober...@hushmail.com (Walter Roberson) wrote:
> In article <8ce7bb6e-f49b-4650-a98b-5a66aeaf9...@c58g2000hsc.googlegroups.com>,
>
> >I got this error when I tried to change hostname on PIX 501. I have
> >discovered that PIX uses host name and domain name to generate rsa
> >key. Is the following enough to sort this problem out?
> >#ca zeroize rsa
> >#hostname new_name
> >#ca gen rsa key 512
> >#ca save all
>
> You shouldn't need to zeroize the rsa, but it wouldn't hurt to do so.
> The procedure looks fine.
>
> >What are the consequences? Will that disconnect my vpn users?
>
> I believe that eventually, Yes: the next time the key would normally
> be negotiated (typically one hour), that due to the RSA key change,
> the negotiation would fail, resulting in a disconnect. If you have
> host VPN client connections, I don't have a prediction as to what would
> happen at that point. For site-to-site connections, as soon as
> the remote site had data to send, it would attempt to reconnect,
> and that reconnection should work. So my prediction is that site-to-site
> connections might experience a brief pause for renegotiation, but
> would be fine otherwise, but possibly VPN clients might have to
> request to reconnect.
THANKS! :-)