Filter
Top Products
25-45
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding IKEv1 Preshared Key Policies in Site-to-Site VPNs
Auto Generated When selected, allocates a random key to the participating peers. This
ensures security because a different key is generated for every
hub-spoke connection. Auto Generated is the default selection.
Auto generated is not a useful option when you do not manage all nodes
in the VPN, for example, in the case of an Extranet VPN.
Note The key is allocated during the first deployment to the devices
and is used in all subsequent deployments to the same devices,
until you select the Regenerate Key (Only in Next Deployment)
check box.
Key Length The required length of the preshared key to be automatically generated,
from 1 to 127. The default is 24.
Same Key for All Tunnels Unavailable in a point-to-point VPN topology.
When selected, enables you to use the same auto-generated key for all
tunnels.
Note If you do not select this option, different keys are used for the
tunnels, except in cases, such as DMVPN configuration, when
different multipoint GRE interfaces in the same network must
use the same preshared key.
Regenerate Key (Only in
Next Deployment)
When selected, enables Security Manager to generate a new key for the
next deployment to the devices. This is useful if it is possible that the
secrecy of the keys might be compromised.
When you submit the job for deployment, this check box is cleared. It
does not remain selected because the new key will only be generated for
the upcoming deployment, and not for subsequent deployments (unless
you select it again).
Negotiation Method
Select the type of negotiation method. The methods are explained in more detail in Understanding
IKEv1 Preshared Key Policies in Site-to-Site VPNs, page 25-43.
Table 25-9 IKEv1 Preshared Key Page (Continued)
Element Description