ipsec-attributes: authentication pre-shared-key

notiskonto
Level 1

Hi,

I was troubleshooting an IPsec VPN site-to-site tunnel between two ASAs. The tunnel was working but the lifetime was too short, so we had to change it. After the changes, the tunnel was not coming back.

I noticed that in one site, the  

ikev2 remote-authentication pre-shared-key 
ikev2 local-authentication pre-shared-key 

under tunnel-group xx.xx.xx.xx ipsec-attributes, was encrypted (pre-shared-key 8 dsafadsfafadfafdfghdfgh) and in the other site was not encrypted (pre-shared-key ******).

 

After making the change to remove the encryption, the tunnel came up.

 

So my question is, could this change be the issue? Does it play any role if from the one site it is encrypted and in the other not?

 

Thanks

Notis

2 Replies

Abaji Rawool
Level 3

Hi,

Configuration showing the key in encrypted or clear format should not be an issue, as long as the hash matches (they are the same clear string). You need to check how the change of lifetime was carried out. The following debugs / logs at the time of the issue would have helped:

more system:running-config | in key

debug cry condition peer <peer ip>

debug cry isa 127

debug cry ips 127

 

Regards,

Abaji.

Thank you for the answer. I will check it.
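
The check suggested in the reply above, as an added example that is not part of the original thread: a small Python parser that reads the `tunnel-group <peer> ipsec-attributes` block from each peer's saved configuration and compares the IKEv2 keys only where both sides show them in clear, since masked (`*****`) and encrypted (`8 ...`) forms cannot be compared as text. It assumes the usual IKEv2 pairing (one side's local key must equal the other side's remote key); the sample configs, addresses, keys and function names are constructed for illustration.

```python
import re

# Constructed sample configs (documentation addresses, made-up keys).
SITE_A = """tunnel-group 198.51.100.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key KeyOfSiteB
 ikev2 local-authentication pre-shared-key KeyOfSiteA
"""
SITE_B = """tunnel-group 192.0.2.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key KeyOfSiteA
 ikev2 local-authentication pre-shared-key KeyOfSiteB-typo
"""
SITE_B_MASKED = SITE_B.replace("KeyOfSiteA", "*****").replace("KeyOfSiteB-typo", "*****")

KEY_RE = re.compile(r"^\s+ikev2 (local|remote)-authentication pre-shared-key (.+?)\s*$")

def classify(value):
    """Classify the text after 'pre-shared-key' using the forms seen in the thread."""
    if set(value) == {"*"}:
        return ("masked", None)       # key hidden in the displayed config
    if value.startswith("8 "):
        return ("encrypted", None)    # 'pre-shared-key 8 <blob>' form
    return ("clear", value)           # assumption: anything else is the clear key

def parse_keys(config, peer):
    """Collect IKEv2 keys under 'tunnel-group <peer> ipsec-attributes'."""
    keys, inside = {}, False
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level command ends the block
            inside = line.strip() == f"tunnel-group {peer} ipsec-attributes"
            continue
        m = KEY_RE.match(line)
        if inside and m:
            keys[m.group(1)] = classify(m.group(2))
    return keys

def compare(keys_a, keys_b):
    """A's local key must equal B's remote key, and A's remote key B's local key."""
    results = {}
    for a_side, b_side in (("local", "remote"), ("remote", "local")):
        form_a, secret_a = keys_a.get(a_side, ("missing", None))
        form_b, secret_b = keys_b.get(b_side, ("missing", None))
        if "missing" in (form_a, form_b):
            verdict = "missing"
        elif form_a != "clear" or form_b != "clear":
            verdict = "unknown"       # masked/encrypted text cannot be compared
        else:
            verdict = "match" if secret_a == secret_b else "mismatch"
        results[f"A.{a_side} vs B.{b_side}"] = verdict
    return results
```

Calling `compare(parse_keys(SITE_A, "198.51.100.2"), parse_keys(SITE_B, "192.0.2.1"))` reports the mistyped key as a mismatch, while the masked copy of site B yields `unknown` for both directions rather than a false mismatch.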