Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best Practice for IKE keys

Folks,

I am configuring my first site-to-site vpn using IPsec and IKE; however, I wanted to know if I should watch out for anything and the best practices for IKE.

I have generated a phrase that is 30 characters long, but should I include “special characters” in my IKE key?

1 REPLY
Hall of Fame Super Silver

Best Practice for IKE keys

Rather than the key length and 'strength' I'd focus on keeping a copy documented / stored securely offline somewhere. Process and documentation are at least as important as the technology.

99% of your protection comes from using a VPN at all as opposed to the characters used in your PSK.

If it's an option (e.g ASA 8.4 at both ends) I'd recommend using IKEv2.

423
Views
0
Helpful
1
Replies
CreatePlease login to create content