The pre-shared-key command configures the pre-shared key used by IKE peers to perform pre-shared key authentication.
The undo pre-shared-key command deletes the pre-shared key used by IKE peers to perform pre-shared key authentication.
By default, the pre-shared key used by IKE peers to perform pre-shared key authentication is not configured.
Parameter | Description | Value |
---|---|---|
cipher | Indicates the pre-shared key in cipher text. You can enter a pre-shared key in plain text or cipher text, but the pre-shared key is displayed in cipher text in the configuration file. | - |
key | Specifies the pre-shared key used by IKE peers to perform pre-shared key authentication. | The value is a string of case-sensitive characters without spaces. A plaintext key contains 1 to 128 characters, and a ciphertext key contains 48 to 188 characters. If the character string is enclosed in double quotation marks (" "), the character string can contain spaces. NOTE: For security purposes, it is recommended that the pre-shared key contain at least 3 of the following character types: lowercase letters, uppercase letters, digits, and special characters, and that it contain at least 6 characters. |
Usage Scenario
During IKE negotiation, IPSec can use pre-shared key authentication to verify the identities of the communicating parties. After pre-shared key authentication is configured, the initiator encrypts data using the pre-shared key before transmitting the data, and the receiver decrypts the data using the same pre-shared key. If the receiver succeeds in decrypting the data, the initiator passes identity verification.
Precautions
Both ends of IKE negotiation must be configured with the same pre-shared key.
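The following is an added example, not part of the original reference or the vendor's tooling: a pre-deployment check that tests a candidate plaintext key against the length, space, and complexity rules in the parameter table above, plus a generator for keys that pass it. The function names, the special-character set, and the treatment of enclosing quotation marks as delimiters rather than key characters are assumptions.

```python
import secrets
import string

# Limits taken from the parameter table above (plaintext keys only).
PLAIN_MIN, PLAIN_MAX = 1, 128
REC_MIN_LEN, REC_MIN_CLASSES = 6, 3
# Assumption: a conservative special-character set for generated keys.
SPECIALS = "!#$%&*+-=@^_"


def char_classes(key):
    """Count how many of the four character types the key uses."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum() and not c.isspace())
    return sum(any(t(c) for c in key) for t in tests)


def check_plain_key(entered):
    """Return (errors, warnings) for a plaintext key as typed on the CLI."""
    errors, warnings = [], []
    quoted = len(entered) >= 2 and entered[0] == entered[-1] == '"'
    # Assumption: enclosing quotation marks are delimiters, not key characters.
    key = entered[1:-1] if quoted else entered
    if not PLAIN_MIN <= len(key) <= PLAIN_MAX:
        errors.append(f"length {len(key)} outside {PLAIN_MIN}-{PLAIN_MAX}")
    if not quoted and any(c.isspace() for c in key):
        errors.append("spaces require enclosing double quotation marks")
    if len(key) < REC_MIN_LEN:
        warnings.append(f"shorter than recommended {REC_MIN_LEN} characters")
    if char_classes(key) < REC_MIN_CLASSES:
        warnings.append(f"fewer than {REC_MIN_CLASSES} character types")
    return errors, warnings


def generate_key(length=32):
    """Generate a random key that passes check_plain_key with no findings."""
    if not REC_MIN_LEN <= length <= PLAIN_MAX:
        raise ValueError("length must be between 6 and 128")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if check_plain_key(key) == ([], []):
            return key


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("abc", "two words", '"two Words 9"', generate_key()):
        print(repr(sample), check_plain_key(sample))
```

Errors mark keys that fall outside the documented limits; warnings mark keys that are within the limits but below the recommendation in the NOTE.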