Cannot establish VPN tunnel with 3rd Party DAIP using Pre-shared Secret
Symptoms
  • When a user configures an Interoperable Device in SmartDashboard with a dynamic external IP, it is not possible to define a pre-shared key.
Cause

A limitation of the IKEv1 protocol prevents using DAIPs (from any vendor) with Shared Secrets. IKE authentication (Main Mode) involves encrypting the 5th and 6th packets with a key derived from the Shared Secret. The problem is that the peers identify themselves in those same 5th and 6th packets. If you do not know the peer's identity, you cannot decide which Shared Secret to use, and so you cannot decrypt the packet in which the peer identifies itself.

The only way Shared Secrets can work is if you identify the Security Gateway by its IP address.

In IKEv2, the encryption key is not derived from the Shared Secret, so the peers can identify themselves within the protocol. However, even with IKEv2, SmartDashboard offers no way to configure the identification information for gateways, and also does not allow a pre-shared key to be configured.
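
The key derivations behind the two paragraphs above, as an added example that is not part of the original article or vendor code: it follows the formulas in RFC 2409 section 5 (IKEv1 pre-shared key authentication) and RFC 7296 section 2.14 (IKEv2). HMAC-SHA256 as the PRF, the helper names, and all nonces, cookies, addresses and secrets are constructed assumptions.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for whatever PRF the peers negotiated.
    return hmac.new(key, data, hashlib.sha256).digest()

def ikev1_skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409: keying material that encrypts Main Mode packets 5 and 6."""
    skeyid = prf(psk, ni + nr)              # the pre-shared key is the PRF key
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")

def ikev2_skeyseed(ni, nr, gir):
    """RFC 7296: SKEYSEED = prf(Ni | Nr, g^ir); no pre-shared key is involved."""
    return prf(ni + nr, gir)

def responder_select_psk(psk_by_ip, source_ip):
    """Before packet 5 is decrypted, the source IP is the only selector available."""
    return psk_by_ip.get(source_ip)         # None for an address not known in advance

# Constructed sample values (not taken from any real exchange).
NI, NR = b"\x11" * 16, b"\x22" * 16
GXY = b"\x33" * 32                           # Diffie-Hellman shared secret
CKY_I, CKY_R = b"\xaa" * 8, b"\xbb" * 8
PSK_BY_IP = {"192.0.2.10": b"secret-for-static-peer"}
DAIP_PSK = b"secret-for-daip-peer"           # exists, but cannot be indexed by IP

def demo():
    static_key = ikev1_skeyid_e(PSK_BY_IP["192.0.2.10"], NI, NR, GXY, CKY_I, CKY_R)
    daip_key = ikev1_skeyid_e(DAIP_PSK, NI, NR, GXY, CKY_I, CKY_R)
    return {
        # Same nonces, DH secret and cookies: only the secret changes the key.
        "ikev1_key_depends_on_psk": static_key != daip_key,
        # The DAIP peer arrives from an unpredictable address, so no secret is found.
        "daip_psk_found": responder_select_psk(PSK_BY_IP, "203.0.113.77"),
        # IKEv2 can derive its keys, decrypt the ID payload, then look up the secret.
        "ikev2_skeyseed": ikev2_skeyseed(NI, NR, GXY).hex(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```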

