Cisco Support Community
Community Member

Use of Pre-shared Keys

If a 'person in the middle' has knowledge of the pre-shared secret used to authenticate a VPN tunnel using IPSEC/IKE, could that person potentially decrypt the conversation? Or otherwise use the pre-shared secret to try and duplicate keys?

2 REPLIES
Community Member

Re: Use of Pre-shared Keys

You could establish a new session if using wildcards, but I don’t know about decrypting the traffic in the tunnel on the fly.

Community Member

Re: Use of Pre-shared Keys

Pre-shared keys are fine but not scalable. From my knowledge, if the key is compromised, it has to be changed immediately on all devices. A safe way is to sign up with a CA. This was recommended by Cisco while I was designing our VPN. Well, the answer to your question is "yes, the security and data are compromised".
