> but to have a 2048-bit key for the vpn connection to the Fortinet I must also change the previous key pair for the above link vpn ? Yes. You changed your own "leftrsasigkey=0sAQPviNyME0giYwJk5LTtX7...." in all connection. See: ipsec showhostkey --left --- Sergey