ASA 5510 VPN PRE-SHARED KEY SPECIAL CHARACTER ISSUE

menzies456
Level 1

Hi,

I have an older 5510 IOS 9.1 that has a pre-shared secret of Sup£rSecretPassw0rd!!

When I paste this into a newer version of code (9.9) it will only show as SuprSecretPassw0rd!!

It does not use the £ as a special character.

It also has issues with ?

I have tried to look into the release notes but I can't find the answer.

At some point did the IOS change to not allow certain special characters, and how can I get around this without having to change all the pre-shared keys for the S2S VPNs?

Thanks

Sam

 

Accepted Solutions

Hello Sam, 

You can check this Alphanumeric Characters Chart. The characters you have mentioned are included except for the £.
https://www.mikes-marketing-tools.com/myseobook/page-80-81-82.html

If it is IKEv2 you can test using the password with the hex keyword and put the password in hex form (never tested it).

 

To avoid the downtime you can roll back to the previous version and migrate your tunnels' passwords; when all tunnels are good, upgrade.
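
An added example, not part of the thread and not Cisco tooling: a Python check that flags pre-shared keys containing characters outside printable ASCII, or the ? reported above, before they are pasted into newer code, and that computes the hex form of a key for the IKEv2 hex option mentioned in this answer. The function names are hypothetical, and which byte encoding the old device used for £ is an assumption, so both UTF-8 and Latin-1 candidates are returned.

```python
# Added example: audit site-to-site pre-shared keys before an ASA upgrade.
MAX_LEN = 128  # limit quoted in the thread: "string of 1-128 characters"


def audit_psk(psk):
    """Return a list of findings for one pre-shared key (empty list = clean)."""
    findings = []
    if not 1 <= len(psk) <= MAX_LEN:
        findings.append(f"length {len(psk)} outside 1-{MAX_LEN}")
    for pos, ch in enumerate(psk):
        if not 0x21 <= ord(ch) <= 0x7E:
            findings.append(
                f"{ch!r} (U+{ord(ch):04X}) at index {pos} is outside ASCII 0x21-0x7E")
        elif ch == "?":
            findings.append(f"'?' at index {pos} (reported as a problem in the thread)")
    return findings


def stripped_form(psk):
    """Key as the thread reports newer code shows it: non-ASCII characters dropped."""
    return "".join(ch for ch in psk if ord(ch) < 0x80)


def hex_candidates(psk):
    """Hex form of the key under each encoding a terminal may have sent.

    Assumption: the original key bytes were UTF-8 or Latin-1; the peer must
    use the same bytes, so confirm which one the old tunnel actually used.
    """
    result = {}
    for encoding in ("utf-8", "latin-1"):
        try:
            result[encoding] = psk.encode(encoding).hex()
        except UnicodeEncodeError:
            result[encoding] = None  # not representable in this encoding
    return result


if __name__ == "__main__":
    # First two keys are the ones quoted in the thread; the third is constructed.
    for key in ("Sup£rSecretPassw0rd!!", "jj()!|@#^", "Constructed?Key1"):
        issues = audit_psk(key)
        print(f"{key!r}: {'OK' if not issues else issues}")
        if issues:
            print("  would show as:", stripped_form(key))
            print("  hex candidates:", hex_candidates(key))
```
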


3 Replies

Amine ZAKARIA
Spotlight

Hello,

I have tested that £ on my ASA 9.14; it does not consider it as a character. Same for FDM 6.6.4 on S2S VPN.
According to: https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration/vpn/asa-914-vpn-config/vpn-site2site.html#ID-2445-0000012d

 

"To set the authentication method to use a preshared key, enter the ipsec-attributes mode and then enter the ikev1 pre-shared-key command to create the preshared key. You need to use the same preshared key on both ASAs for this LAN-to-LAN connection.

The key is an alphanumeric string of 1-128 characters."

In my lab for example I can use these special characters:

tunnel-group 109.239.93.116 ipsec-attributes
ikev1 pre-shared-key jj()!|@#^
tunnel-group 94.31.45.2 type ipsec-l2l

 

But not £?

This must have changed in a code version. Which is a shame as I now have to contact all of the 3rd parties to change it!

 

Thanks

Sam
