Guys, Exporting/Importing RSA keys from the primary KS to the redundant one via the terminal drove me mad because no matter what I tried I ended up with an error "% Error: invalid PEM boundary." Just FYI, it works if export to TFTP instead of terminal. May be handy if you have the similar task during the lab.
1) On the primary KS export it something like this: R1(config)#cryp key export rsa GETVPN-KEYS pem url flash: des cisco123 % Key name: GETVPN-KEYS Usage: General Purpose Key Exporting public key... Destination filename [GETVPN-KEYS.pub]? Writing file to flash:GETVPN-KEYS.pub Exporting private key... Destination filename [GETVPN-KEYS.prv]? Writing file to flash:GETVPN-KEYS.prv 2) Set up a local TFTP server on the primary KS R1(config)#tftp flash:GETVPN-KEYS.pub R1(config)#tftp flash:GETVPN-KEYS.prv 3) On the backup KS import the keys from TFTP cry key import rsa GETVPN url tftp://150.1.1.1/GETVPN-KEYS.pub cisco123 % Importing public General Purpose key or certificate PEM file... Address or name of remote host [150.1.1.1]? Source filename [GETVPN-KEYS.pub.pub]? GETVPN-KEYS.pub Reading file from tftp://150.1.1.1/GETVPN-KEYS.pub Loading GETVPN-KEYS.pub from 150.1.1.1 (via Serial0/1/0): ! [OK - 272 bytes] % Importing private General Purpose key PEM file... Address or name of remote host [150.1.1.1]? Source filename [GETVPN-KEYS.prv]? Reading file from tftp://150.1.1.1/GETVPN-KEYS.prv Loading GETVPN-KEYS.prv from 150.1.1.1 (via Serial0/1/0): ! [OK - 958 bytes] % Key pair import succeeded.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
