[AusNOG] Cisco 3030 VPN Concentrator PSK Length
Ben Dale
bdale at comlinx.com.au
Mon Sep 21 17:27:54 EST 2009
I've run into this before too - the 32 char limit is indeed a
"feature" of the 3030. The following is a snippet from a Cisco
security bulletin discussing a vulnerability in the box :
* Use strong passwords as PSK for group authentication and change
them frequently. This is the most effective way to mitigate
dictionary attacks. The VPN Concentrator accepts passwords from 4
to 32 characters in length, including combinations of uppercase/
lowercase letters, numbers, and additional characters (excluding '\
' and '@').
Cheers,
Ben
On 21/09/2009, at 5:13 PM, Adrian Pronczak wrote:
Hi NOGers,
I've got a client setting up a site to site IPSEC VPN using Cisco
gear, an ASA5505 at their end, and a 3030 Concentrator at the remote
side. The remote end is claiming that their 3030 won't support a pre-
shared key length over 32char, which we're finding a bit odd.
I've had a look around Cisco's website, but the doco relating to the
3000 series seems to have mysteriously vanished. Every other product I
checked on says 128char though...
Can anyone confirm/deny?
Thanks
-Adrian
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list