ASA - Crypto key size for Version 9.16

ASA version 9.16 and later uses larger size higher security RSA keys. When upgrading from an older version, smaller keys cannot be used. Thus, they are rendered unusable.

To resolve this issue, those keys must be recreated.

Alternatively, the crypto ca permit-weak-crypto command can be used to force the use of weaker RSA keys, but it is not recommended.

Links:

https://forum.networklessons.com/t/cisco-asa-site-to-site-ipsec-vpn-digital-certificates/828/26?u=lagapides

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/A-H/asa-command-ref-A-H/crypto-is-cz-commands.html#wp3837416760