VPN3000 OSPF key too short to match IOS OSPF

dkornitz — Fri, 21 Feb 2020 07:15:37 GMT

A group of IOS routers uses OSPF with a 13-character authentication key. The VPN 3005 with it's 8-character maximum key length can't authenticate into the area.

Is there a way to get the routers to use a shorter key for the 3005's messages?

Re: VPN3000 OSPF key too short to match IOS OSPF

gfullage — Thu, 26 Feb 2004 04:03:20 GMT

If the VPN3000 is sitting off a specific router interface on its own, then you should be able to specify a different password for that interface , something like:

int fa0

description Connection to other routers

ip ospf authentication message-digest

ip ospf authentication-key cisco12345678

int fa1

description Connection to the VPN3000

ip ospf authentication message-digest

ip ospf authentication-key cisco123

router ospf 10

area 3 authentication message-digest

If it's sitting on the same interface as other routers doing OSPF authentication then I'm afraid you're out of luck.

Looks like you opened a TAC case on this recently, I believe your engineer on that case is going to file a bug on the VPN3000 to have the key length increased in a future release.

topic VPN3000 OSPF key too short to match IOS OSPF in Network Security

VPN3000 OSPF key too short to match IOS OSPF

Re: VPN3000 OSPF key too short to match IOS OSPF