RE: CA Certs on GNS3.

I see. Maybe it's because the RSA keys are saved in the private-config
section of the nvram and this section is not properly loaded upon an new
restart. Here's what I have with a 3725:

Rack1R3#dir nvram:
Directory of nvram:/

   51 -rw- 2074 <no date> startup-config
   52 ---- 1097 <no date> private-config
    1 ---- 15 <no date> persistent-data
    2 -rw- 0 <no date> ifIndex-table
    5 -rw- 892 <no date> w2k3-ca#0.cer
    6 -rw- 864 <no date> w2k3-ca#3434CA.cer

57336 bytes total (50017 bytes free)
Rack1R3#
Rack1R3#dir nvram:private-config
Directory of nvram:/private-config

   52 ---- 1097 <no date> private-config

57336 bytes total (50017 bytes free)
Rack1R3#

Maybe there is an workaround. Create a new pair of keys with the exportable
option. Then export the keys to nvram. Stop and start the router then import
that key.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares_at_netcabo.pt

-----Original Message-----
From: Adil Pasha [mailto:aspasha_at_gmail.com]
Sent: domingo, 13 de Fevereiro de 2011 19:41
To: 'Antonio Soares'; 'Cisco certification'
Subject: RE: CA Certs on GNS3.

Thanks for your reply.

The configs get loaded including the cert, but the key is missing. So it
really does not work and I will have to remove the entire CA configuration
and generate the keys again to make it work. Remember this is happening only
in GNS3 routers not real routers.

Regards.

Adil.

-----Original Message-----
From: Antonio Soares [mailto:amsoares_at_netcabo.pt]
Sent: Sunday, February 13, 2011 2:36 PM
To: 'Adil Pasha'; 'Cisco certification'
Subject: RE: CA Certs on GNS3.

Your nvram file seems fine. I see there the certificates and the rsa keys.
When you say the config doesn't get loaded, do you mean all the config or
just the certificates/rsa keys section ?

The 3725's use a rom file instead of the nvram file.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares_at_netcabo.pt

-----Original Message-----
From: Adil Pasha [mailto:aspasha_at_gmail.com]
Sent: domingo, 13 de Fevereiro de 2011 15:53
To: 'Antonio Soares'; 'Cisco certification'
Subject: RE: CA Certs on GNS3.

Thanks for your quick response Anthonio.

I am using 3660 routers. The reason I do not use 3700 series is that the
config does not get save in these routers in GNS3. From time to time it is
erased for some bug reason.

When you save the CA on 3700 series where does it get saved.

Check out the attached NVRAM file for my 3660. It looks pretty weird. It
does not get loaded so I lose all the certs and re-do the config.

You can open up the attached file in NOTEPAD.

Regards.

Adil.

-----Original Message-----
From: Antonio Soares [mailto:amsoares_at_netcabo.pt]
Sent: Saturday, February 12, 2011 7:46 PM
To: 'Adil Pasha'; 'Cisco certification'
Subject: RE: CA Certs on GNS3.

What router model are you using ? I don't have problems with the 3725. I
don't use GNS3, only dynagen+dynamips but I think the issue is not related
with GNS3. I have that problem with the Qemu emulated ASA but that's a
different story.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares_at_netcabo.pt

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adil
Pasha
Sent: sabado, 12 de Fevereiro de 2011 20:02
To: Cisco certification
Subject: CA Certs on GNS3.

Is there a way to save CA certs on GNS3 IOS router.

I have tried all but when the router is rebooted I lose the keys.

Thanks in adv.

Adil.

Blogs and organic groups at http://www.ccie.net
Received on Sun Feb 13 2011 - 20:47:33 ART