Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
1
Replies

Best Practice for IKE keys

jaz0nj4ckal
Level 1
Level 1

‎02-07-2012 05:48 AM

Folks,

I am configuring my first site-to-site vpn using IPsec and IKE; however, I wanted to know if I should watch out for anything and the best practices for IKE.

I have generated a phrase that is 30 characters long, but should I include “special characters” in my IKE key?

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-07-2012 07:11 AM

Rather than the key length and 'strength' I'd focus on keeping a copy documented / stored securely offline somewhere. Process and documentation are at least as important as the technology.

99% of your protection comes from using a VPN at all as opposed to the characters used in your PSK.

If it's an option (e.g ASA 8.4 at both ends) I'd recommend using IKEv2.

0 Helpful
Customers Also Viewed These Support Documents