cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
832
Views
5
Helpful
4
Replies
vaishalin
Beginner

Regarding pre-shared key management on router

Hi Team,

I would like to know about pre-shared key configured on router.

While configuring site-to-eite VPN on two routers we are using pre-shared keys.

Now we are configuring manually keys on both routers statically.

Can we use any router as key management server who will change pre shared keys dynamically.

Regards

Vaishali

4 REPLIES 4

Hi,

Are you referring to GET VPN?

Thanks.

Portu.

Karsten Iwen
VIP Mentor

The router doesn't have any management-features for PSKs. In general they are not changed very often which is not a really good practice. But to still be secure there are two ways to secure your VPN:

1) Use really long PSKs (they can be up to 128 characters and should be completely ramdon) and configure PSK-encryption. Use different PSKs for different VPNs

2) Change the authentication to RSA-Sig with digital certificates. The IOS-router has a build-in CA, so that's a little bit the management-server you are looking for.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

In case you were not talking about a Key server like in GET VPN, then check Karsten's post (5 stars).

At this point, you could use the LOCAL CA server of IOS in order to manage a "small" PKI infrastructure.

Cisco IOS Certification Authority

HTH.

Portu.

Thanks Karsten.

I will refer those documents regarding Cisco IOS Certification Authority

Vaishali

Content for Community-Ad