Replace pre-shared keys for VPNs

You can replace pre-shared keys for policy-based and route-based VPNs. You can replace with an automatically generated key or then manually paste or enter a key.

Before you begin

Pre-shared key authentication must be selected in the VPN Profile and allowed in the Gateway Profiles

As a security precaution, we recommend that you periodically change the pre-shared key (for example, monthly).

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. For policy-based VPNs, right-click the Policy-Based VPN element, select Edit <element type>, then follow these steps.
    1. Click the Tunnels tab.
    2. To automatically generate pre-shared keys for multiple tunnels, select the tunnels.
    3. Right-click the selected tunnels, then select Delete Pre-Shared Key.
    4. Right-click the selected tunnels again, then select Generate Missing Pre-Shared Key.
      A new pre-shared key is generated for each tunnel.
    5. To manually enter the key for a single tunnel, double-click the Key column, then enter or paste the key.
    6. To transfer the key for a tunnel to external components, double-click the Key column, then copy the key, or click Export.
      Note: Make sure that outsiders cannot obtain the key while you transfer it to other devices. The key must remain secret to be an effective security measure.
  3. For route-based VPNs, right-click a Route-Based VPN Tunnel element, select Properties, then follow these steps.
    1. Next to Pre-Shared Key, select Edit.
      • To automatically generate a key, click Generate.
      • To manually enter the key, enter or paste the key.
      • To transfer the key to external components, copy the key, or click Export.
    2. Click OK.
  4. Click Save.

Pre-Shared Key dialog box

Use this dialog box to generate or export a pre-shared key.

Option Definition
Generate Generates a new key.
Export Opens the Export dialog box from where you can export the key.