Hex value for a pre-shared IKE key?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Hex value for a pre-shared IKE key?

L1 Bithead

Hi,

Is it possible to set a IKEv2 pre-shared key to a hex value in a PAN-OS 9.1 or later NG firewall?  Don't see an option with the GUI or CLI.

thanks,

Brian

 

2 accepted solutions

Accepted Solutions

L2 Linker

Hello 

 

From PA Admin guide "The Pre-Shared Key value is a string that the administrator creates using a maximum of 255 ASCII or non-ASCII characters. Generate a key that is difficult to crack with dictionary attacks; use a pre-shared key generator, if necessary. " 

View solution in original post

Hello Brianjsmith7, I think, according to the documentation, what they meant is that you can also use Unicode. I don't think it allows you to use '0x' when giving hexadecimal characters. It reads that as a string of characters. For example, '48656C6C'.

 

View solution in original post

5 REPLIES 5

L2 Linker

Hello 

 

From PA Admin guide "The Pre-Shared Key value is a string that the administrator creates using a maximum of 255 ASCII or non-ASCII characters. Generate a key that is difficult to crack with dictionary attacks; use a pre-shared key generator, if necessary. " 

L1 Bithead

yes, but that does not answer my question.  How does PAN-OS know the key entry format to convert to binary? Otherwise, I assume it considers the entry ascii.  Can I use, for example, 0x before a hex string?

nope. How does PAN-OS know the key entry format to convert to binary? Otherwise, I assume it considers the entry ascii.  Can I use, for example, using 0x before a hex string does not work.

Hello Brianjsmith7, I think, according to the documentation, what they meant is that you can also use Unicode. I don't think it allows you to use '0x' when giving hexadecimal characters. It reads that as a string of characters. For example, '48656C6C'.

 

Thank you for your answer. I get something similar from support. So I conclude PA does not support binary keys, since I dont think all bit combinations are supported by unicode characters that could be entered, such as control keys.

  • 2 accepted solutions
  • 1899 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!