Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN3000 OSPF key too short to match IOS OSPF

A group of IOS routers uses OSPF with a 13-character authentication key. The VPN 3005 with it's 8-character maximum key length can't authenticate into the area.

Is there a way to get the routers to use a shorter key for the 3005's messages?

1 REPLY
Cisco Employee

Re: VPN3000 OSPF key too short to match IOS OSPF

If the VPN3000 is sitting off a specific router interface on its own, then you should be able to specify a different password for that interface , something like:

int fa0

   description Connection to other routers

   ip ospf authentication message-digest

   ip ospf authentication-key cisco12345678

int fa1

   description Connection to the VPN3000

   ip ospf authentication message-digest

   ip ospf authentication-key cisco123

router ospf 10

   area 3 authentication message-digest

If it's sitting on the same interface as other routers doing OSPF authentication then I'm afraid you're out of luck.

Looks like you opened a TAC case on this recently, I believe your engineer on that case is going to file a bug on the VPN3000 to have the key length increased in a future release.

141
Views
0
Helpful
1
Replies
CreatePlease to create content