IKEv2 remote and local authentication preshared key in FTD

Chess Norris
Level 4

Hello,

I am migrating an IKEv2 tunnel from ASA to FTD. In the ASA config, this tunnel is using different pre-shared keys for local and remote authentication, like this:

tunnel-group x.x.x.x ipsec-attributes
 peer-id-validate nocheck
 ikev2 remote-authentication pre-shared-key aaaaaaaaaaaaaaaaaa
 ikev2 local-authentication pre-shared-key bbbbbbbbbbbbbbbbbb

However, in FMC I cannot see an option to add both remote and local authentication preshared keys. See picture.

Anyone know how to enter this? Should I use flex-config?

Ikev2_policy.jpg

Thanks

/Chess

Accepted Solutions

@Chess Norris unfortunately asymmetric IKEv2 PSK is not supported on FTD. https://bst.cisco.com/bugsearch/bug/CSCvg02005?rfs=qvlogin

Workaround: Use the same PSK for both local and remote authentication


3 Replies

Thank you for the quick reply, Rob. Then I will ask the remote side to change to the same PSK on their side.

/Chess

This is not a non-supported feature; this is a bug in the software, as you reference a bug ID.
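
A pre-migration check for the limitation described in the accepted solution, added here as an example and not part of the thread or of any Cisco tool: it scans an ASA configuration export for tunnel groups whose IKEv2 local and remote pre-shared keys differ, so they can be aligned with the peer before moving to FTD. The function names, status labels and sample configuration are constructed for illustration; it assumes sub-commands are indented as in a real export and that hidden keys print as `*****`.

```python
import re

# Constructed sample export (documentation addresses, dummy keys).
SAMPLE_CONFIG = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 peer-id-validate nocheck
 ikev2 remote-authentication pre-shared-key aaaaaaaaaaaaaaaaaa
 ikev2 local-authentication pre-shared-key bbbbbbbbbbbbbbbbbb
tunnel-group 192.0.2.20 ipsec-attributes
 ikev2 remote-authentication pre-shared-key cccccccc
 ikev2 local-authentication pre-shared-key cccccccc
tunnel-group 192.0.2.30 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 192.0.2.40 ipsec-attributes
 ikev2 local-authentication pre-shared-key dddddddd
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
PSK = re.compile(
    r"^\s+ikev2\s+(remote|local)-authentication\s+pre-shared-key\s+(\S+)\s*$")

def classify_tunnel_groups(config_text):
    """Return {peer: status}; key material itself is never returned."""
    keys, current = {}, None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None              # another top-level command ends the block
        elif current and (psk := PSK.match(line)):
            keys.setdefault(current, {})[psk.group(1)] = psk.group(2)
    status = {}
    for peer, k in keys.items():
        if set(k) != {"remote", "local"}:
            status[peer] = "one-sided"  # only one direction uses a PSK
        elif "*****" in k.values():
            status[peer] = "masked"     # cannot compare; needs an unmasked export
        else:
            status[peer] = "symmetric" if k["remote"] == k["local"] else "asymmetric"
    return status

def ftd_blockers(config_text):
    """Peers that need a shared PSK agreed with the remote side before migration."""
    return sorted(p for p, s in classify_tunnel_groups(config_text).items()
                  if s == "asymmetric")

if __name__ == "__main__":
    print(classify_tunnel_groups(SAMPLE_CONFIG), ftd_blockers(SAMPLE_CONFIG))
```

Tunnel groups reported as `masked` or `one-sided` need a manual look, since the script cannot tell whether their keys match.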