IPSec VPN using RSA key on the other site

I have a problem regarding the configuration of Palo Alto IPSec VPN because the other remote sites are using RSA key authentication for IPSec VPN. They bought Palo Alto to change their existing firewall, Astaro. And now we're in the implementation to migrate all the policy to Palo Alto. And I figured out that there is no option of RSA key authentication in Palo Alto. They are using RSA keys for the IPSec authentication. It is not possible to configure a pre-shared key to the other site. Can anyone give me a solution to this problem? Below are the RSA keys used by the other sites. Can I easily copy this RSA key to the pre-shared key authentication option of Palo Alto?

BERGEN RSA Key

Public IP : 62.97.234.106

Local Area Network : 193.160.253.0/24

------------------------------------------------------------------------------------------------------------

CSL Bergen Pre-shared Key

Public IP : 85.200.239.62

Local Area Network : 192.168.4.0/24

Pre-shared-key : csl1223

------------------------------------------------------------------------------------------------------------

GENOA RSA Key

Public IP : 82.188.127.82

Local Area Network : 192.168.200.0/24

------------------------------------------------------------------------------------------------------------

LEER RSA Key

Public IP : 80.228.94.42

Local Area Network : 192.168.100.0/24

------------------------------------------------------------------------------------------------------------

MELBOURNE RSA Key

Public IP : 202.63.68.26

Local Area Network : 192.168.50.0/24

5 REPLIES

Hi,

Pre-shared key (PSK) seems to be the only method supported by PanOS atm.

RSA key authentication is something really different than PSK.

If PanOS supports this I would be very interested.
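
Added example, not part of any post in this thread and not Palo Alto or Astaro code: a Python parser for `0s`-prefixed key strings like the ones in the question, showing what such a string actually contains. It assumes they are FreeS/WAN-style raw RSA public keys (`0s` marks base64; the payload is exponent length, exponent, modulus as in RFC 3110); the sample key is constructed and is not a real RSA modulus.

```python
import base64
import hashlib

def encode_rsasigkey(e: int, n: int) -> str:
    """Helper used only to build the constructed sample key below."""
    e_bytes = e.to_bytes((e.bit_length() + 7) // 8, "big")
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # One length byte, or 0x00 plus a two-byte length for long exponents.
    if len(e_bytes) < 256:
        header = bytes([len(e_bytes)])
    else:
        header = b"\x00" + len(e_bytes).to_bytes(2, "big")
    return "0s" + base64.b64encode(header + e_bytes + n_bytes).decode()

def parse_rsasigkey(text: str) -> dict:
    """Decode a '0s...' raw RSA public key into exponent and modulus."""
    text = "".join(text.split())                  # tolerate wrapped lines
    if not text.startswith("0s"):
        raise ValueError("not a '0s' (base64) raw RSA key")
    b64 = text[2:] + "=" * (-len(text[2:]) % 4)   # restore stripped padding
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 3:
        raise ValueError("key too short")
    if blob[0] != 0:
        e_len, off = blob[0], 1
    else:
        e_len, off = int.from_bytes(blob[1:3], "big"), 3
    exponent, modulus = blob[off:off + e_len], blob[off + e_len:]
    if e_len == 0 or len(exponent) != e_len or not modulus:
        raise ValueError("truncated key")
    n = int.from_bytes(modulus, "big")
    return {
        "exponent": int.from_bytes(exponent, "big"),
        "modulus": n,
        "modulus_bits": n.bit_length(),
        # Short digest for comparing a transcribed key with the peer's copy.
        "fingerprint": hashlib.sha256(blob).hexdigest()[:16],
    }

# Constructed sample: a 2048-bit odd integer, NOT a real RSA modulus.
SAMPLE_N = (1 << 2047) | int.from_bytes(bytes(range(256)), "big") | 1
SAMPLE_KEY = encode_rsasigkey(3, SAMPLE_N)

if __name__ == "__main__":
    info = parse_rsasigkey(SAMPLE_KEY)
    print(SAMPLE_KEY[:12] + "...", info["exponent"], info["modulus_bits"], info["fingerprint"])
```

The decoded value is only a public exponent and modulus; the matching private key stays on the peer, so the string is not interchangeable with a pre-shared key, which is a secret both gateways must hold.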

Hi All,

I hope Palo Alto can give a solution to this in another software release, so that an RSA key authentication option for IPSec VPN on Palo Alto is available.

regards,

Jan

Yes, I would like to see this implemented also. PSK is a weak alternative: people store passphrases in email or a text file somewhere.

I will open a RFC, and you should do the same.

I'd have to agree. RSA keys and certificates in general are something I'd like to see.

Deal! RFC for everyone!
