12-14-2011 05:20 AM
I have a problem regarding the configuration of PALO ALTO IPSec VPN because the other remote sites are using RSA key authentication for IPSec VPN. They bought Palo Alto to replace their existing firewall, Astaro. And now we're in the implementation, migrating all the policy to Palo Alto. And I figured out that there is no option for RSA key authentication in PALO ALTO. They are using RSA keys for the IPSec authentication. It is not possible to configure a Pre-shared Key to the other site. Can anyone give me a solution to this problem? Below are the RSA keys used by the other sites. Can I easily copy this RSA key to the Pre-shared Key authentication option of PALO ALTO?
BERGEN RSA Key
0sAQNnkUFdOv3kRogegi+57+TIIx0p4031nXBtkXHXi3r3IKu66pVWws3bUjJGqKnxSXlbGQ4eF5CrCTrcBBG5cLcptySRgT7Y/a/JJ51DH+oy3Tl9zT6+j2PPnhF0FFreQB4G2PBdycVB0mqMq2bCkyNRYlpwQ2Q//6saPKiJFg11aG4AVvEDj70pE1BJjKuDQhNW6xWilNlxV3qvFbbYc1xRR0KmjRHK+hCq/MQZzNUBA5H8eu2RLVB5cGAtMMgFG2Xk2WEIdn2wHf2lDiJgCAU+ipyfYqms7tm+rLOfX8Q2sZJDknGN5db6766E/l3zjvWPZ+C1lcNxPbPayk4sFS9b
Public IP : 62.97.234.106
Local Area Network : 193.160.253.0/24
------------------------------------------------------------------------------------------------------------
CSL Bergen Pre-shared Key
Public IP : 85.200.239.62
Local Area Network : 192.168.4.0/24
Pre-shared-key : csl1223
------------------------------------------------------------------------------------------------------------
GENOA RSA Key
0sAQOVgmIpVDWSTKUT0V1+WE5n6/ITd3oRYu1ADmLq60tlWKL2cRggssI+PpHwmbAte81xyway0EEzbl+fsqIhcFL4rr3+mRqHRiv+VtQm+fZ7n/LiF6m4TG/BqsEpanQQsy7F3HUdDEVGoltu9vBawwOvF9DeW+ckMwfahoZlF2xLpJ7+lvJSdD9ITvCi1+yPoVtdJ1yYJ82+e2BMr8AvMM06xv3OSVlN9R6BBWHVS9U34FttDaJOn0qZb40RHKGL8Ax66GTE9d4KjTyLv2baz2wcYU9isQpx9FlX8/5XHsDbLJ4me/YezX5GslxQBJBe6SpAn2DvcdUA1p1g5Xhb/ian
Public IP : 82.188.127.82
Local Area Network : 192.168.200.0/24
------------------------------------------------------------------------------------------------------------
LEER RSA Key
0sAQOFxi7QLhZlarUQaXUhvIlOhUNVLaPdbd5qfMmkBFsoGvpkE602zN+tentSs68izxyzRMPLg+B7YO6R2U58dbcGSrQEDK526YEz+6LzpDSJxqMrY8pTQZomTsfwHjUo5tZ/MfsLQ8tWvTbpSRWOA2JHqUJMwhq3xFK5XIf7d3UIM//ZJXyW1XDwWx1LwZ7iHIVYfbVABzT7BMOGhhGMQE/CNoHgNWXIpEAhT4pmGVDFBrguKZax7QbRAkv9tN+PfMvzHhM3wKjwR74Cm4rvgiwdWk0Vkqzded0QpcXexaaEUfaZabjquC2a/yRfbve8JDNJoaRLjIFG4AeoBoQnS/E7
Public IP : 80.228.94.42
Local Area Network : 192.168.100.0/24
------------------------------------------------------------------------------------------------------------
MELBOURNE RSA Key
0sAQObcJ0GOwCuAzLcWFqotBRkoEWnNXfB8V6ZPcFiqNRXtmd7JaTArG5ZUI9MLxaGYdb5/94dV24BNCBFHg4ODEyTNhBd3Us8Uf/N8zZdAo2+kHGSikH32e1VRa9MCp8fvPtMDUwZ2HRK+hSqHWJ9CaLGi+Ao7Gf8TDSj8RrnNpzij0QAh/13GynuGc+ylYszRwEEjC5xNV6VUBW/zPFL+7X2tRvFayd+W4t390tw001gvfd1mK5msQaj15yUBMwmvj7kqRrjmIPD4t3RTPYQ8GM/L+azsCpQUo4d16iEUFmQrjBdxqI5yplBugPeN9U02C/0hVkK+D2Ho3CGTeC97cV1
Public IP : 202.63.68.26
Local Area Network : 192.168.50.0/24
12-14-2011 06:33 AM
Hi,
Pre-shared key (PSK) seems to be the only method supported by PanOS atm.
RSA key authentication is something really different than PSK.
If PanOS supports this I would be very interested.
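What the `0s…` strings in the question contain, as an added example (not part of the original thread and not Palo Alto or Astaro code). It assumes they are in the FreeS/WAN-style `rsasigkey` notation, where `0s` marks base64 and the payload is an RFC 3110 exponent/modulus blob; the function names and the sample key are constructed for illustration. Each string decodes to one peer's RSA public key, which is used to verify that peer's signature, so it is not a secret both sides share and has no meaning in a PSK field.

```python
import base64

def parse_rsasigkey(value: str) -> tuple[int, int]:
    """Decode a '0s'-prefixed key into (public_exponent, modulus)."""
    if not value.startswith("0s"):
        raise ValueError("missing '0s' prefix (base64 marker)")
    b64 = value[2:]
    b64 += "=" * (-len(b64) % 4)          # config files often drop the padding
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 3:
        raise ValueError("blob too short")
    # RFC 3110: exponent length is one byte, or 0x00 plus two bytes if > 255.
    if raw[0] != 0:
        elen, off = raw[0], 1
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent, modulus = raw[off:off + elen], raw[off + elen:]
    if len(exponent) != elen or not modulus:
        raise ValueError("truncated exponent or empty modulus")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")

def encode_rsasigkey(exponent: int, modulus: int) -> str:
    """Inverse of parse_rsasigkey, used here only to build the sample."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    prefix = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return "0s" + base64.b64encode(prefix + e + n).decode().rstrip("=")

# Constructed sample: NOT a real key and not one of the keys in this thread.
# The "modulus" is just an odd 2048-bit number, not a product of two primes.
SAMPLE_MODULUS = (1 << 2047) | 0x1D0C5EED
SAMPLE_KEY = encode_rsasigkey(3, SAMPLE_MODULUS)

if __name__ == "__main__":
    e, n = parse_rsasigkey(SAMPLE_KEY)
    print(f"public exponent: {e}")
    print(f"modulus size:    {n.bit_length()} bits")
```
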
12-14-2011 06:37 PM
Hi All,
I hope PALO ALTO can give a solution to this in another software release, so that an RSA key authentication option for IPSec VPN on PALO ALTO becomes available.
regards,
Jan
12-15-2011 12:05 AM
Yes, I would like to see this implemented also. PSK is a weak alternative: people store passphrases in email or a text file somewhere.
I will open a RFC, and you should do the same.
12-15-2011 12:20 AM
I'd have to agree. RSA keys and certificates in general are something I'd like to see.
12-15-2011 12:22 AM
Deal! RFC for everyone!