
Regarding pre-shared key management on router

vaishalin
Level 1

Hi Team,

I would like to know about the pre-shared key configured on a router.

While configuring site-to-site VPN on two routers, we are using pre-shared keys.

Now we are manually configuring keys on both routers statically.

Can we use any router as a key management server that will change pre-shared keys dynamically?

Regards

Vaishali

4 Replies

Hi,

Are you referring to GET VPN?

Thanks.

Portu.

The router doesn't have any management features for PSKs. In general they are not changed very often, which is not really good practice. But to still be secure, there are two ways to secure your VPN:

1) Use really long PSKs (they can be up to 128 characters and should be completely random) and configure PSK-encryption. Use different PSKs for different VPNs.

2) Change the authentication to RSA-Sig with digital certificates. The IOS router has a built-in CA, so that's a little bit the management server you are looking for.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
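
Option 1 from the reply above, as an added example that is not part of the original post: a Python sketch that generates a distinct random 128-character PSK for each tunnel and renders the matching lines for both routers. It assumes IKEv1 `crypto isakmp key` syntax and an alphanumeric-only key alphabet; the router names, addresses and the master-key placeholder are constructed for illustration.

```python
import secrets
import string

# Assumption: letters and digits only, so the key has no '?' (IOS CLI help
# character), spaces or quotes that would need escaping when pasted.
ALPHABET = string.ascii_letters + string.digits
PSK_LEN = 128  # maximum PSK length stated in the post above


def new_psk(length: int = PSK_LEN) -> str:
    """Return a random key drawn from the OS CSPRNG."""
    if not 1 <= length <= PSK_LEN:
        raise ValueError(f"PSK length must be 1..{PSK_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def render_tunnels(tunnels):
    """tunnels: list of (site_a_name, site_a_ip, site_b_name, site_b_ip).

    Returns {router_name: [config lines]} with one distinct PSK per tunnel;
    both ends of a tunnel get the same key, pointed at the other end's address.
    """
    configs = {}
    used = set()
    for a_name, a_ip, b_name, b_ip in tunnels:
        psk = new_psk()
        while psk in used:          # never reuse a key across tunnels
            psk = new_psk()
        used.add(psk)
        for name, peer_ip in ((a_name, b_ip), (b_name, a_ip)):
            lines = configs.setdefault(name, [
                # PSK encryption: stores keys AES-encrypted in the config.
                # The master key is a placeholder, never generated here.
                "key config-key password-encrypt <MASTER-KEY-PLACEHOLDER>",
                "password encryption aes",
            ])
            lines.append(f"crypto isakmp key {psk} address {peer_ip}")
    return configs


if __name__ == "__main__":
    # Constructed sample: documentation addresses (RFC 5737), made-up names.
    sample = [("hq", "192.0.2.1", "branch1", "198.51.100.1"),
              ("hq", "192.0.2.1", "branch2", "203.0.113.1")]
    for router, lines in render_tunnels(sample).items():
        print(f"! --- {router} ---")
        print("\n".join(lines))
```

The generated output contains live secrets, so it should be handled like any other credential and not left in shell history or shared logs.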

In case you were not talking about a Key server like in GET VPN, then check Karsten's post (5 stars).

At this point, you could use the LOCAL CA server of IOS in order to manage a "small" PKI infrastructure.

Cisco IOS Certification Authority

HTH.

Portu.

Thanks Karsten.

I will refer to those documents regarding Cisco IOS Certification Authority.

Vaishali
