Cisco VPN :: Generate Public RSA Key Of 4096 Bits On IOS Router
Aug 31, 2011
Is it possible to generate a public RSA key of 4096-bits on an IOS router? We are running 12.4(24)T5. Have been going through some cisco doc and found this:
Cisco IOS 4096-Bit Public Key Support in IOS 12.4(11) and later.
However when I issue the command,crypto ca trustpoint exampleCAkeys, rsakeypair exampleCAkeys ?
it only shows me the maximum of 2048. Am I missing something? Currently our root cert has a public key of 2048 and the routers a key of 1024. The goal is to increase the root cert and our routers cert to 4096-bits. If that's possible.
I have some questions about the size of the certifcates in ACE module (ACE20). Reading the following link: [URL]
I can verify this text: 4096 (high security, level 4) - For software release A2(2.4) and later in the ACE module and software release A3(2.6) and later in the ACE appliance, you can use 4096-bit SSL certificates in chaingroups and authgroups. You can also import public certificates and keys that are 4096 bits in length.
We intend to use a certificate (CA) with keys of 4096 bits and according to the text of wiki, it's possible.
But if I check the guide [URL]
Somebody that already use certificates with 4096 bits in ACE20 module?
I have configured an Cisco 881 router in our lab with netflow commands and pointed to our network monitoring tool and I want to check if the tool can collect valid traffic statistics from this router (eg. utilization). The problem this router has nothing plugged into a production LAN that would potentially generate traffic to measure using this tool.
Is there a way to configure a Cisco router (ex. Cisco 881 router) to artificially generate network traffic to test that I have setup the monitoring tool correct to capture future utilization statistics?
I want to clear the keys on a 2821 and generate new ones using the command crypto key zeroize command but I don't see this command available as an option. Below is the output of the available options..
ROUTER#crypto key ? lock Lock a keypair. unlock Unlock a keypair.
logging buffered 4096 warnings The above causes router to log all the events with severity level 4 or below in buffer.What about logging console warnings command?will the above command cause router to send log messages with severity level 4( warnings severity level) to console only or will the router send all the log messages with severity level 4 or below to console ?
May I know how to manually set the priority (root ID and bridge ID priority) and for spanning tree? Which one should I use based on the command below? and how does it affect the path cost of it?
Any switch that supports 4096 multicast groups?I am working on a system that includes over a dozen catalyst 2960 switches. The customer has pointed out the 2960 switch does not satisfy the requirement to support 4096 multicast groups (even though it is more than adequate for the number of active multicast groups). It looks like the 3560 supports more multicast groups than the 2960, but is still far less than the requirement.
at our office we have a brand new WRVS4400N with 2.0.1.3 fw preinstalled.In order to make a VPN connection to our cliente, we need to establish an IPSEC VPN with AES-CBC encryption, but in the drop-down list I can only select 3DES.Does v2.0.2.1 fw update include AES-CBC encryption?In negative case, how can we add this type of encryption to the router?
I used to have a 877w in the same place and same setup as my current 887, this time though the DMT Bits Per Bin just will not populate on ADSL2+ altough it did work when it sync ADSL1 (same line/DSLAM, just came up ADSL for some reason).
We recently purchased a Cisco ASR1002 router with four on-board Gigabit SFP-style Ethernet ports. However, when I do a "show ip interface brief", I see that there's an extra Gigabit Ethernet port. See the last interface in the following output:
ASR_1002_router#sh ip int b Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0 unassigned YES manual down down
[Code].....
On the router itself, in addition to the four Ethernet SFP ports, there are four additional RJ-45 ports. They're labeled "BITS", "MGMT", "CON", and "AUX". I know what the Con and Aux ports are, but what are the Bits and Mgmt ports? And is one of them the Gigabit Ethernet interface that I see listed at the bottom of the output? And if it is, is there anything special about it, or is it just another routed Ethernet port? Can I do something special with it, like out-of-line managment?
I used speed test and got 50 mega bits per second. I tried re downloading tf2 and i was getting 80 kilo bytes, and I am using windows 7. Doesn't 8 mega bits equal 1 mega byte?
running cisco VPN client over Windows XP SP 2 64 bits.
I get the error 442 Failed to enable the virtual adapter. I have seen a number of solutions, but can not find solutions or workarounds for Windows XP 64 bits.
I'm at my brother's house and I'm trying to connect to hs wireless network. I know the password but whenever I try to enter it it gives me a message that says, "The network password needs to be 128bits or 256 bits depending on your network configuration. This can be entered as 8 to 63 characters or 64 hexadecimal characters." From other forums I've looked at it says that I need to get to the router settings page. It gives me an IP adress to paste into the web browser but it doesn't come up as anything. What the heck?
How many bits must be reallocated from host ID to network ID to create 16 subnets?( i did read the discussion on another page and still no clue). For the Class C network address 192.168.10.0 , which of the following subnet masks provides 32 subnets? How many host bits are necessary to assign addresses to 62 hosts ??
So I have an issue with getting a laptop hooked onto the router signal. The router is a brand spankin new Linksys EA4500 and the laptop is an IBM which is running Win XP (not sure of SP version as it is a customer's comp. at a hotel I run). Anyway, the error message I am encountering is:The network password needs to be 40 bits r 104 bits depending on your network configuration. This can be entered as 5 or 13 ascii characters or 10 or 26 hexadecimal charactersAt first I thought is was my router password since it contained a $ symbol so I changed it to only letters and numbers but still didn't work. I have never encountered this error message on any laptops and no other rooms have been affected.
I do not see 802.1Q tags nor do I see p-bits (COS) in my wireshark captures. My setup is not working and I have no way to verify (sniff) that the 6509 is setting the p-bits to 3. [code]
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24 Remote Network - 20.20.41.0/24 Remote Peer - 20.20.60.193 .ASA Version 8.2(5) ! hostname ciscoasa
who had a WMP300N with the Broadcom 4329 chip (PCIVEN_14E4&DEV_4329&SUBSYS_00601737&REV_01)Since i got my WMP300N all that i got is a really a big headache, since the drivers DOESN'T are meant for Win 7 (x86/x64), and the guys at Cisco/Linksys really are so kind to bring an unstable driver (v6.100) that they claim is for win 7.
i, as same as a ton of users, really get dissapointed because the driver in the cd does not work on win 7 and the 'official updated driver' is useless as well, and in the end lost a lot of time searching almost in the entire internet for a solution, that some pages claim to have, but the info is oudated, or the links are gone.so in a insurmountable-almost-titanic search, i somehow managed to gather all the required files that i'll put at disposition of those like me have a bad time with a supposed to be a pretty good wireless card.
1- bmc 4329 v4.100, this one is the most 'stable' and works pretty well in 32/64bits, it had a modded .inf wich enables a few features that various users will find pretty useful, when the installer prompts a warning about an unsigned driver, you had to allow the installation
2- bmc 4329 5.100, this one is working too on 32/64 bits, i'm posting it because some people got problems with the 4.100 version, however, the 5.100 is a stock unmodded driver, so maybe it will give connection issues.
We are already having a True business ID certificate from Geotrust for our SSL VPN on CISCO ASA 5510.this is working fine.
We are now changing our device from ASA 5510 to ASA5520 in failover setup. As we check with Geotrust they are asking us to create a new CSR with same parameters from new ASA5520 device and reissue the certificate from their site.In this context how to create a new CSR from ASA5520 8.2(5). create CSR from ASA 5520 8.2(5)
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?
I have an issue with rme 4.2 from LMS 3.1 When I try to generate a syslog report this shows me nothing. I locate SyslogCollector.log file and I see sometnig wrong.
I am running CiscoWorks LMS 4.0.1 since 6 months and I wanted to generate today a report about the interface utilization on 2 Cisco switches (Catalyst 3750G). The corresponding job is created, it runs and then i get "succeeded with info" in the "Run Status" column. When I want to click then on the "View Report" link, I get the following error: "Could not generate the report. Either data is not available for the specified duration or the report job failed."
I tried the same procedure with 2 other switches but I have got the same result.
we have a policy on ACS to disable user account (Internal user identify store) after X days if password is not changed. However, a few days before the password expires, there is no notification for users unless he happens to log in IOS router (tacacs) through console. in other words, if he logs into IOS devices through VTY, there is no notification at all.some users got locked out becuase they were not notified to change password. What setting on ACS 5.2 must be configured to display warning on VTY before password expires?
I am unable to generate bug summary report in RME. Even I can not generate PSIRT report as well..LMS always gives error "incorrect cisco.com credential. enter correct credential" I have checked my credentials are correct... it gives me error no BTKT:0014..I am using LMS 3.1 attaaching snap shot of my patch level and application version running on LMS...
I have a WCS server running the version 6.0.170.0. I have already added few WLCs running the version 7.0 to this WCS. It is working fine. And now I have added two new controllers running the version 7.0.98.0 to the existing WCS server. When i add the floor layouts to the WCS and position the access points from the new controllers, the heat map is not generated automatically.
