This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Determine Pre-shared key?

Is it possible to determine what the pre-shared key is for a S2S VPN? I need to move some tunnels to a new UTM220 and it would be nice to use the existing keys. Thanks!

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

PSKs are visible in clear text in the Printable Configuration.

PSKs are not recommended for site-to-site VPNs. If you're moving the connections to a new 220, you might want to consult How to create an X509 key based Site-to-Site VPN: Astaro Security Gateway

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 tuscani over 12 years ago

Great, thanks Bob

I assume the x509 key option only applies to S2S tunnels between ASG\UTM devices and not 3rd parties? Which many of our tunnels are..

Also, is there any benefit to the x509 aside from security? It looks like WAAAAY more work than PSK [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

There are other KnowledgeBase articles with descriptions for connecting to Cisco and other IPsec VPNs.

Yes, this is about Security. There are new password/PSK-breaking techniques and it's possible to align a lot of CPUs in the Amazon cloud for a relatively small amount of money. If your organization has any secrets that it wants to protect, cert-based VPNs are a must. Really, it's not much more than exchanging cert+CA instead of PSKs. Even RSA-key-based VPNs are much, much safer than PSKs.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel