
    Configuring an Encrypted Preshared Key for a Local IPsec Transport Profile

    You can use the pre-share-masked command to specify an encrypted preshared key. To obtain this key, first enter an unencrypted key by using the pre-share command, and then run the show config command. The router displays the preshared key in encrypted form. You can then enter that encrypted key by using the pre-share-masked command.

    The router uses the preshared key to authenticate IKE negotiations that arrive from any remote IP address specified for this transport profile and that are destined for any local IP address specified for this transport profile. If the remote endpoint address is a wildcard address, this preshared key is a group preshared key.

    Caution: Group preshared keys are not fully secure, and we do not recommend using them. They are provided for trials and testing purposes, where the missing security does not pose a risk to the provider.

    To enable preshared key authentication, you must also specify the IKE policy rule as preshared by entering authentication pre-share in ISAKMP Policy Configuration mode.

    To specify an encrypted preshared key:

    • Issue the pre-share-masked command in Local IPsec Transport Profile Configuration mode.
    host1(config-ipsec-transport-profile-local)#pre-share-masked AAAAGAAAAAcAAAACZquq4ABieTUBuNBELSY8b/L3CX/RcPX7

    To remove a key, use the no pre-share command.
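
A configuration check for the two conditions described above, added here as an example and not taken from the router documentation: it flags profiles whose key was entered with pre-share in cleartext and profiles whose preshared key is a group key because the remote endpoint is a wildcard. Only the pre-share and pre-share-masked commands come from this page; the profile header layout, the sample config, and 0.0.0.0 as the wildcard address are assumptions.

```python
import re

# Constructed sample input. Only "pre-share" and "pre-share-masked" are taken
# from the page; the profile header line, the "local ip address" line and the
# key values are assumptions made for this example.
SAMPLE_CONFIG = """\
ipsec transport profile branch virtual-router default ip address 192.0.2.10
 local ip address 198.51.100.1
  pre-share-masked MASKED-KEY-PLACEHOLDER
ipsec transport profile trial virtual-router default ip address 0.0.0.0
 local ip address 198.51.100.1
  pre-share ExampleCleartextKey
"""

# Assumed header form: profile name first, remote endpoint address last.
PROFILE_RE = re.compile(r"^ipsec transport profile (\S+) .*ip address (\S+)\s*$")
# Matches key statements but not "no pre-share" (key removal).
KEY_RE = re.compile(r"^(pre-share-masked|pre-share)\s+(\S+)\s*$")
WILDCARD = "0.0.0.0"  # assumed representation of a wildcard remote endpoint


def audit(config_text):
    """Return a sorted list of (profile_name, finding) tuples."""
    findings = set()
    profile, remote = None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = PROFILE_RE.match(line)
        if header:
            # A new profile starts; remember its name and remote endpoint.
            profile, remote = header.groups()
            continue
        key = KEY_RE.match(line)
        if not key or profile is None:
            continue
        if key.group(1) == "pre-share":
            # Key stored in cleartext, e.g. in a provisioning script.
            findings.add((profile, "cleartext-key"))
        if remote == WILDCARD:
            # Any key on a wildcard remote endpoint is a group preshared key.
            findings.add((profile, "group-preshared-key"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
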

    Published: 2014-08-12