[AusNOG] Cisco 3030 VPN Concentrator PSK Length

Ben Dale bdale at comlinx.com.au
Mon Sep 21 17:27:54 EST 2009

I've run into this before too - the 32 char limit is indeed a  
"feature" of the 3030.  The following is a snippet from a Cisco  
security bulletin discussing a vulnerability in the box :

   * Use strong passwords as PSK for group authentication and change
     them frequently. This is the most effective way to mitigate
     dictionary attacks. The VPN Concentrator accepts passwords from 4
     to 32 characters in length, including combinations of uppercase/
     lowercase letters, numbers, and additional characters (excluding '\
     ' and '@').



On 21/09/2009, at 5:13 PM, Adrian Pronczak wrote:

Hi NOGers,

I've got a client setting up a site to site IPSEC VPN using Cisco  
gear, an ASA5505 at their end, and a 3030 Concentrator at the remote  
side. The remote end is claiming that their 3030 won't support a pre- 
shared key length over 32char, which we're finding a bit odd.

I've had a look around Cisco's website, but the doco relating to the  
3000 series seems to have mysteriously vanished. Every other product I  
checked on says 128char though...

Can anyone confirm/deny?

AusNOG mailing list
AusNOG at lists.ausnog.net

More information about the AusNOG mailing list