Deploying SSH on a router that is already running an IPsec tunnel

I have a bunch of routers that were set up (by someone else!) with Internet IPsec tunnels back to base, but with telnet vty access. They must be updated so that only ssh is available for vty access.

It's pretty easy to deploy ssh, but part of the task is to generate an encryption key ("generate the rsa encryption key" etc.). If I try to do the configuration without this command, I get an error message asking me to do so.

And there is the problem: when I generate a key, it screws up the existing IPsec tunnel somehow. Worse still, it does not do so immediately; it waits for an indefinite period, probably (I guess) until after the IPsec tunnel has been idle for a period and has stopped/started. What I *think* is happening is that on the re-opening of the tunnel, it picks up the wrong key, and the other end kills the link. The logs have nothing relevant in them, and I am still trying to get the failure to occur on a router running debugging.

Has anyone tried to do this update before? Should we put ssh on first, and then rebuild the IPsec tunnel config?

Thanks for your ideas/comments

Jim

If the IPsec VPN is using certificate authentication, regenerating the RSA keys may be bad. Without knowing your IPsec configuration, I would say that the best approach would be to generate an SSH key that will not interfere with it. Try something like this:

 crypto key generate rsa modulus 2048 label RSA_Key_SSH
 ip ssh rsa keypair-name RSA_Key_SSH

This will generate a new key, which is independent of any existing keys, and configure SSH to use it.

Tags: Cisco Security
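
The labeled-key approach from the answer, carried through to the vty change with a before/after check, as an added example that is not part of the original thread. RSA_Key_SSH is the label from the answer; the vty range 0 4, the `ip ssh version 2` line and the use of `show crypto session` to watch the tunnel are assumptions.

```cisco
! Before the change: record every existing RSA key pair (name, generation
! time and key data) so it can be compared afterwards.
show crypto key mypubkey rsa
!
configure terminal
 ! Create a separate, named key pair instead of regenerating the default one.
 crypto key generate rsa modulus 2048 label RSA_Key_SSH
 ! Bind SSH to the named key pair only.
 ip ssh rsa keypair-name RSA_Key_SSH
 ! Assumption: restrict the server to SSH protocol version 2.
 ip ssh version 2
 ! Assumption: vty lines 0-4. Existing login/authentication settings are
 ! left untouched; only the allowed transport changes (telnet is dropped).
 line vty 0 4
  transport input ssh
 end
!
! After the change: the key pairs recorded earlier must be listed with the
! same generation time and key data, plus one new entry, RSA_Key_SSH.
show crypto key mypubkey rsa
! Confirm SSH is enabled.
show ip ssh
! Check the IPsec session state; repeat after the tunnel has renegotiated.
show crypto session
```

If a key pair that existed before the change shows a new generation time or different key data afterwards, the generate command replaced it rather than creating a separate one.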

Similar Questions

  • ASA5505 - connection reset when you try to SSH IPSEC tunnel

    Hello

    I just bought myself an ASA5505 to replace a PIX 501 and, having transferred the bulk of the previous configuration, I managed to get the two IPSEC VPN tunnels to work as before.

    Unfortunately, when I try to SSH to the ASA, the connection resets instantly even when the tunnel is up. It seems as if the ASA actively refuses the connection, although the log does not indicate this. I had always assumed that traffic on an established IPSEC tunnel was implicitly trusted and not subject to the usual access list rules.

    I can't SSH to the ASA in the 10.0.0.x range, but I can't SSH to a machine on 10.27.0.4 (I know the tunnel is up and working)

    Reference attached config (less sensitive information not relevant).

    Also - although I'm not sure of the relevance, given that the tunnels seem to work - when I enter the line "crypto map meepnet-map interface outside" in configuration mode, the ASA reports "warning: the crypto map entry is incomplete!" even though I provided the access list, peers, and transform-set variables.

    Any help gratefully received! :)

    Thank you

    DAZ

    Hello Darren,

    Please mark as answer, if your query is resolved. Enjoy your time!

    Kind regards

    Ankur Thukral

    Community Manager - security & VPN

  • 1 program still needs to be closed: (waiting for) task host window's task to stop execution and stopping tasks that are already running

    While shutting down the PC I got the message: "1 program still needs to be closed: (pending of) task host window's task to stop execution and stop tasks that are already running". But there is no program running and I have to force it to close. How do I solve this?

    Hello

    Thank you for contacting Microsoft Community.
    Windows, when closing, checks all open programs. If there are any, it sends a request for the program to close and waits until the program closes safely, to avoid any loss of data. But, Windows is waiting for some specified
    If you are sure that none of the programs are obviously open, you can try the following steps:
    Press Windows key + R, type regedit and press Enter. If UAC prompts, click Yes. Go to HKEY_LOCAL_MACHINE -> expand System -> expand CurrentControlSet -> click on Control (do not expand it). When you click (or select) Control, you can see WaitToKillServiceTimeout. Double-click it to change the value. Set the value to 500 or less than that. Click OK, and then close the registry editor. Now, restart the PC. If the problem persists, stop and try again and check.
    Be careful when editing the registry, as incorrect values or removing unknown keys can prevent Windows from starting.
    Reply if the issue is not resolved.
  • Install windows xp pro 32-bit on pc that is already running Windows XP pro 64 bit. Product key does not work

    I have a Windows XP Pro 64-bit PC. I would like to install Windows XP Pro SP3 32-bit. This is a PC that was used in our Engineering Department and will now be sent to a standard user in our company. I went through the installation and when I enter the product key on the COA label I get a message that it is not valid. Do I need a different product key to install the 32-bit version of XP?

    A Windows XP 64-bit product key will not work with Windows XP 32-bit installation media.  You would need a genuine Windows XP 32 - bit product key. Carey Frisch

  • 15 - r074TU: laptop does not connect to the router

    Day sum... my laptop (model No. 15r074TU) with Windows 8.1 does not connect to the router, which is a D-Link

    I uninstalled my driver reinstalled again, but it didn't work... even if I formatted my laptop, reconfigure the router and... done with all possible measures to overcome this problem, but have ultimately failed. Please suggest ways to tackle this problem as soon as possible...

    Follow the wizards in the following forum sticky and troubleshooting.

    http://h30434.www3.HP.com/T5/notebook-wireless-and-networking/common-fixes-for-wireless-connectivity-issues/m-p/4831601#M86871

  • I have five Airport extreme with their network of people names different location home.  I have a brighthouse router that I use to connect to all the extremes of the airport.  I experienced the problem of connection to the internet.

    I have five airport extreme, with their network of people of names in a different location in the House.  I have a brighthouse router that I use to connect to all the extremes of the airport.  I experienced the problem of connection to the internet.

    Are all connected to the Brighthouse router by Ethernet extremes? Are all of the extremes configured as bridges?

  • Wireless printer Lexmark X 4850 and a netgear router that does not connect while I can print

    Rookie PC user...

    I have a Lexmark X 4850 wireless printer and a netgear router that does not connect while I can print ggggrrrr....!
    I checked all plugs and connections, the reboot several times and am about to throw it out the window... Help!

    Hello

    Welcome to the Microsoft Community and thanks for posting the question.

    According to the description, it looks like the wireless Lexmark X 4850 printer is not connecting to the wireless router.

    Visit this link that should help you with this problem.

    http://support.Lexmark.com/index?page=content&ID=FA697&locale=en&UserLocale=en

    Note: Using third-party software or the link, including hardware drivers can cause serious problems that may prevent your computer from starting properly. Microsoft cannot guarantee that problems resulting from the use of third party software or link can be resolved. Using third-party software, or the link is at your own risk.

    If this fails to resolve the problem, visit this link and read "need help?"

    http://www1.Lexmark.com/us/en/view/printers%20&%20MultiFunction/Lexmark-X4850/CATID=cat170005-category&prodId=4145-product

    I hope this helps. If you have questions more related to Windows, feel free to post here at Microsoft Community.

  • While trying to install a Linksys E1500 he repeats that my computer is not connected to the router.

    Computer problems and the router

    I have Windows XP 2002 with Service Pack 3. While trying to install a Linksys E1500, it keeps telling me that my computer is not connected to the router. I've tried a new cable and it does not solve the problem. It also says that my computer does not have wireless capabilities. Any suggestions?

    You'll be much more likely to get useful (or even possible) suggestions if you provide the full text of the error messages you get, without paraphrasing.

    For example:

    He repeated to me that my computer is not connected to the router. --> What is the real error message?

    He also said that my computer lacks wireless capabilities--> what is the error message itself?

    You are "trying to connect via a cable" to the router or you're talking about your Internet service (for example, the router is connected to the Internet via a cable)?

    You think that your computer has "wireless capabilities?  Open the Device Manager (start > run > devmgmt.msc > OK), then click on the + sign next to "network adapters."  Please provide the names of any devices listed there.

    Is your computer without a name, a laptop?  There a name of brand anywhere (for example, Toshiba, HP, Dell, etc.)?

    Open System Properties (start > run > msinfo32 > OK)
    Click Edit > select all
    Click Edit > copy
    Right-click in your response here and select Paste
    Be sure to hide the "System name" or "User Name" if it makes you feel better, but please do not remove anything else.

  • I want to see all the devices that are connected to my router

    I have an E1200 router and it is very good; however, I have noticed that there are 12 devices connected to my router when in fact it should be only 4 devices. I would like to see all the devices that are connected and disconnect those that do not belong. HELP!

    You use software to see all the devices that are supposed to be connected to your router? You can reset and start over with your router.  Make sure you have security enabled on it as WPA Personal. You can try a DHCP reservation so to ensure that devices that will have access to your router are those you have included on the list.

  • Impossible Windows 7 computer upstairs to connect to a new router that I just installed. It worked fine before.

    I changed ISP and changed my wireless routers. My Windows 7 laptop connects perfectly, no problem. I cannot connect my desktop computer, which is on the floor. If I take my laptop it works fine. I changed the settings from secured to unsecured and it connected correctly. When I changed this back it would not work again.
    It says that windows is unable to connect to my router. I have reset my modem and router and it continues to happen... What can I do?

    original title: unable to connect to the wireless router.

    Hello

    Actually try updating your driver and disabling the network logon.

    Control Panel - Network - write down the make and model of the Wifi device - double-click it - Driver tab - write down the
    version - click Update Driver (this may not do anything, as MS is far behind on certifying drivers). Then
    right-click the Wifi device and UNINSTALL - Reboot - this will refresh the driver stack.

    Look at the system manufacturer's site for drivers - and the device manufacturer's site manually.
    http://pcsupport.about.com/od/driverssupport/HT/driverdlmfgr.htm

    How to install a device driver in Vista Device Manager
    http://www.Vistax64.com/tutorials/193584-Device-Manager-install-driver.html

    Download - SAVE - go where you put it - right click – RUN AS ADMIN.

    You can download several at once however restart after the installation of each of them.

    After looking at the system manufacturer's site, you can check the device manufacturer's site for an even newer version. (The
    system manufacturer's drivers become your fallbacks.)

    Repeat for the network (NIC) card, and this is a good time to get the other updated drivers, as Vista likes
    updated drivers.

    I would also turn off auto update for the drivers. If Windows Update suggests one, just HIDE it, as they
    are almost always old, and you can search for drivers manually as needed.

    How to disable automatic driver Installation in Windows Vista - drivers
    http://www.AddictiveTips.com/Windows-Tips/how-to-disable-automatic-driver-installation-in-Windows-Vista/
    http://TechNet.Microsoft.com/en-us/library/cc730606(WS.10).aspx

    ------------------------------------------------------

    Make sure you know the details of connection to your wireless router - SSID and password.

    You lose connection when you do and have to redo your logon.

    Control Panel - Network & Sharing Center - right, click Customize - page set of network locations.
    lower left click on merge or delete network locations - REMOVE all instances of your network (and the
    others you don't use anymore) - REBOOT. Start - Connect To log on to the network.

    -----------------------------------------------------

    Check this box:

    Strange problem with Internet under Vista
    http://www.catonett.com/blog/archives/194

    Windows Vista cannot obtain an IP address from certain routers or some non-Microsoft DHCP servers
    http://support.Microsoft.com/kb/928233/en-us

    ----------------------------------------------------

    And:

    Network connection problems
    http://windowshelp.Microsoft.com/Windows/en-us/help/33307acf-0698-41ba-B014-ea0a2eb8d0a81033.mspx

    I hope this helps and happy holidays!

    Rob Brown - Microsoft MVP - Windows Expert - Consumer

  • DHCP server on a VM guest that is connected to a router (in AP mode) works on the host Linux (Fedora), but not on the host Windows (XP)

    I'm in dual boot Fedora and Windows XP, and configure a server vmware 2.0.0 122956 on both.

    Here is my config:

    Internet - Modem - vm_gw - vmnet1 (host) - vm_dhcp - router Wireless ADSL - computers laptops

    There are two physical network adapters on my host.  On the virtual machine that connects to the internet (vm_gw), I have one of the network adapters physical bridge (as vmnet0) to dial the ADSL modem and set up a network of hostonly (vmnet1) share the internet connection of the VM on the host and other virtual (vm_dhcp) computer.  On the virtual machine which also shares the internet connection to a wireless (vm_dhcp), I fill the other physical network (like vmnet2) adapters to connect to a router (in AP mode) and have a configuration of DHCP server on it and set up a hostonly (vmnet1) network to get its internet connection of vm_gw.

    I installed proper routing on my host computer and two virtual machines and this config works very well on my Fedora host.  However, the DHCP installation part does not work on my Windows XP host computer.

    The difference between my host Fedora and XP is on Fedora host, can I have two network adapters physical activated with a config 'empty' (to use DHCP or static) as in:

    DEVICE=eth0
    HWADDR=00:11:22:33:44:55
    ONBOOT=yes
    TYPE=Ethernet

    and

    DEVICE=eth1
    HWADDR=55:44:33:22:11:00
    ONBOOT=yes
    TYPE=Ethernet

    And there is no conflict on the physical network adapters between the host and the virtual machines.

    However, on XP host, I HAVE to configure the network adapters physical to use DHCP or static.

    If I place the physical network adapter (on the XP host) who will fill to vm_dhcp using DHCP, it will get an IP address from the wireless router and the DHCP server on vm_dhcp doesn't seem to be able to 'find' the wireless router and assign an IP address that him.

    Then I tried to configure the physical network card to use the static IP address (and assign it a fictitious IP address e.g. 192.168.123.1/255.255.255.0) to see if it would work, but it does not work either.

    Then I also tried to "simulate" the 'empty' network on Fedora config using regedit and delete (192.168.123.1/255.255.255.0) IP address on the network config and it does not work.

    Well, I'm out of ideas and I came here as a last resort.  Any suggestion/discussion is welcome.

    Thanks for reading.

    WLPL

    Simple question, I know, but is the Windows XP firewall enabled?

  • remote access to the computer that is connected to a router wireless

    Hello Forum members

    I have a 4-port/router set-up wireless (compatible VPN) in the office.

    3 PC (Windows 7 Pro) is connected to a router (wired connection).

    1 VOIP adapter is connected to a router (wired connection).

    1 PC (Windows XP Pro SP3) is connected to a router (Wi - Fi).

    When I'm on the field, I need to access these devices via VPN. I can access 3 PC (connecting to the wired router) via VPN.

    However, I can not connect to a PC (wireless connection to the router) via VPN.

    Could you please tell me how I can access this PC (wireless connection to the router) via VPN?

    This PC (Windows XP Pro SP3) seems to need further adjustments under Windows Service.

    Thank you.

    Hello

    The question you have posted will be well suited in the TechNet forums. Click on the link below.

    http://social.technet.Microsoft.com/forums/en-us/itproxpsp/threads

  • Loss of connection with my router, shows only limited access and my network showed that unidentified

    Original title: unidentified network, missing the default gateway

    Hello

    So one day out of the blue I lost connection with my router. I was able to reconnect but this time around I had only limited access and my network showed non-identified. I tried to connect to a different wireless network, same thing. When I run ipconfig, I'm missing a value for the default gateway.

    I tried to:

    -Reinstall the drivers for the adapter

    -update the drivers

    -Reset my router

    -Manually enter the IPv4 gateway

    -kill lan via Device Manager drivers

    -scream at the computer

    I have a Setup to dual boot with Linux Mint along side Windows 7. When I boot in Linux it connects to any network without problem.

    Some help would be appreciated.

    Plug

    Windows 7 Ultimate

    I7-4700MQ @2.4

    GTX 765M 2 GB

    8 GB RAM

    1 TB + 240SSD

    Realtek RTL8188CE wireless

    Hello Alex,.

    Thank you for your response.

    I appreciate your time.

    I suggest you to uninstall the network driver wireless and reinstall in compatibility mode.

    To uninstall the driver, follow these steps:

    a. press Windows + R keys together, type devmgmt.msc in the run window and press ENTER.

    b. Click to expand network adapters, right-click on the adapter and click Uninstall.

    c. restart the computer.

    Now you can download the wireless driver from this link.
    Reference:
    http://downloads.Eurocom.com/support/drivers/zip/238/238_RealtekWLAN_W764.zip

    For reference:
    EC http://www.Eurocom.com/EC/drivers (238)

    To reinstall the driver in compatibility mode, follow these steps:

    a. right click the driver file, and then click Properties.

    b. click on the compatibility tab.

    c. check "run this program in compatibility mode for" and select Windows XP (Service Pack 3).

    d. click apply and ok.

    Now, install the driver.

    Please keep us updated.

    Thank you

  • 9.3.4 disabled wifi on an Ipad, but it connects to the router. Just don't download at all

    IPad was working fine, but I've updated to 9.3.4. Now Wireless does not work. Shows connected to the router, but nothing happens, but say unable to connect to the server, error trying to access the internet or by mail. Also turn continuous flashing VPN gray to green, then again, but we have never set up a virtual private network. Don't know if it is connected. Have you tried

    1 disconnection / reconnection to 2 routers that work very well for other devices

    2 reset wireless via settings > general > reset > reset network settings and then hang up again

    3 airplane mode on, wait a few minutes, then shut off again

    Overall, the router will connect to any time, we put the password, but there is no transfer of data. 3 other devices work fine with the router. Don't know where to go from here, or if it is possible to back out from the upgrade. Anyone else having this problem? A research increase the same problem.

    Thank you

    Whatever is causing the problem is not specifically 9.3.4, which just fixes a security breach. Have you tried restarting the routers?

  • Firefox prevents the connection from the router

    WRT120N router Linksys-Cisco, Firefox 22.0

    I discovered that my router rejects all attempts at connection (192.168.0.1, 401 authentication failure "browser can not perform authentication or authentication failed") when you browse to it from Firefox. It allows the connection when the attempt is made of Chrome.

    I remember having long ago something similar with Firefox, but resolved by disabling the option "say it me not to follow the sites", following what connections made; just looked and it is still not verified - if this isn't it.

    I looked at the packet capture and the password IS sent to the router, but it rejects the connection.

    Any ideas?

    "BUT IT WORKS CORRECTLY BOOTED IN SAFE MODE."
    Which prompted me to check the extensions.
    I called, guess what... TAKE STEPS TO TRACK ME.

    (Why is there such an extension if it is built in function?)

    Disabling it allowed the router to connect! I don't know why, twice now, trying to activate Do Not Track eliminated the possibility of connecting to the router... but this is the solution.
