You can replace pre-shared keys for policy-based and route-based VPNs. You can replace with anautomatically generated key or then manually paste or enter a key.
Before you begin
Pre-shared key authentication must be selected in the VPN Profile and allowed in the Gateway Profiles
As a security precaution, we recommend that you periodically change the pre-shared key (for example, monthly).
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration, then browse to SD-WAN.
- For policy-based VPNs, right-click the Policy-Based VPN element, select Edit <element type>, then follow these steps.
- Click the Tunnels tab.
- To automatically generate pre-shared keys for multiple tunnels, select the tunnels.
- Right-click the selected tunnels, then select Delete Pre-Shared Key.
- Right-click the selected tunnels again, then select Generate Missing Pre-Shared Key.
A new pre-shared key is generated for each tunnel.
- To manually enter the key for a single tunnel, double-click the Key column, then enter or paste the key.
- To transfer the key for a tunnel to external components, double-click the Key column, then copy the key, or click Export.
Note: Make sure that outsiders cannot obtain the key while you transfer it to other devices. The key must remain secret to be an effective security measure.
- For route-based VPNs, right-click a Route-Based VPN Tunnel element, select Properties, then follow these steps.
- Next to Pre-Shared Key, select Edit.
- To automatically generate a key, click Generate.
- To manually enter the key, enter or paste the key.
- To transfer the key to external components, copy the key, or click Export.
- Click OK.
- Next to Pre-Shared Key, select Edit.
- Click Save.