Beginner

Regarding pre-shared key management on router

Hi Team,

I would like to know about pre-shared key configured on router.

While configuring site-to-site VPN on two routers we are using pre-shared keys.

Now we are manually configuring keys on both routers statically.

Can we use any router as a key management server that will change pre-shared keys dynamically?

Regards

Vaishali


Regarding pre-shared key management on router

Hi,

Are you referring to GET VPN?

Thanks.

Portu.

VIP Mentor

Regarding pre-shared key management on router

The router doesn't have any management-features for PSKs. In general they are not changed very often which is not a really good practice. But to still be secure there are two ways to secure your VPN:

1) Use really long PSKs (they can be up to 128 characters and should be completely random) and configure PSK-encryption. Use different PSKs for different VPNs.

2) Change the authentication to RSA-Sig with digital certificates. The IOS-router has a built-in CA, so that's a little bit the management-server you are looking for.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
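
Option 1 from the reply above, as an added example that is not part of the original thread or Cisco's own tooling: a Python helper that draws a separate 128-character random PSK for each tunnel and emits the matching configuration lines for both routers, together with the PSK-encryption commands. It assumes the classic `crypto isakmp key ... address ...` syntax and type 6 key encryption; the IP addresses are constructed sample values and `<MASTER-KEY>` is a placeholder.

```python
import ipaddress
import secrets
import string

# Letters and digits only, so the key contains nothing the IOS CLI treats
# specially (such as "?" or spaces). Conservative choice made for this example.
ALPHABET = string.ascii_letters + string.digits
MAX_PSK_LEN = 128  # upper bound quoted in the post above

# Type 6 (AES) encryption of stored keys; <MASTER-KEY> is a placeholder.
PSK_ENCRYPTION = ["key config-key password-encrypt <MASTER-KEY>",
                  "password encryption aes"]


def generate_psk(length=MAX_PSK_LEN):
    """Return a random PSK drawn from the operating system's CSPRNG."""
    if not 1 <= length <= MAX_PSK_LEN:
        raise ValueError(f"length must be between 1 and {MAX_PSK_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_configs(tunnels):
    """Map each router IP to its config lines; one fresh PSK per tunnel.

    tunnels: iterable of (router_a_ip, router_b_ip) pairs.
    """
    configs, used = {}, set()
    for a, b in tunnels:
        a, b = str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b))
        if a == b:
            raise ValueError("a tunnel needs two different endpoints")
        psk = generate_psk()
        while psk in used:  # never reuse a key across tunnels
            psk = generate_psk()
        used.add(psk)
        # Both ends of one tunnel get the same key, pointing at each other.
        for local, peer in ((a, b), (b, a)):
            lines = configs.setdefault(local, list(PSK_ENCRYPTION))
            lines.append(f"crypto isakmp key {psk} address {peer}")
    return configs


if __name__ == "__main__":
    # Constructed topology using documentation address ranges.
    sample = [("192.0.2.1", "198.51.100.1"), ("192.0.2.1", "203.0.113.1")]
    for router, lines in build_configs(sample).items():
        print(f"! --- {router} ---")
        print("\n".join(lines))
```

The generated lines contain the keys in clear text, so the output needs the same handling as the keys themselves until it has been applied to the routers.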

Regarding pre-shared key management on router

In case you were not talking about a Key server like in GET VPN, then check Karsten's post (5 stars).

At this point, you could use the LOCAL CA server of IOS in order to manage a "small" PKI infrastructure.

Cisco IOS Certification Authority

HTH.

Portu.

Beginner

Regarding pre-shared key management on router

Thanks Karsten.

I will refer to those documents regarding Cisco IOS Certification Authority.

Vaishali
