Configuring an Unencrypted Preshared Key for a Local IPsec Transport Profile

You can use the pre-share command to configure an unencrypted (red) preshared key. The router uses this key to authenticate IKE negotiations that arrive from any remote IP address specified for this transport profile and that are destined for the local IP address specified. If the remote endpoint address is a wildcard address, this preshared key is a group preshared key.

Caution: Group preshared keys are not fully secure, and we do not recommend using them. They are provided for trials and testing purposes where the reduced security does not pose a risk to the provider.

To enable preshared key authentication, you must also specify the IKE policy rule as preshared by entering authentication pre-share in ISAKMP Policy Configuration mode.

To configure an unencrypted (red) preshared key:

host1(config-ipsec-transport-profile-local)#pre-share secretforL2tp

Use the no version to remove the key.

Note: After you enter a preshared key, the original (unencrypted) key cannot be retrieved. If you need to reenter the original key (for example, the system is reset to factory default and you have only the show config output), you can:

  1. Use the show config command to see the encrypted (masked) form of the key.
  2. Use the pre-shared-masked command to enter the masked key. The system behaves the same way as when you entered the first pre-share key command.
