maiconp340
New Member
February 19, 2020
Solved

PSK IPsec from 5.2 to 6.0 Version


Hello, I'm doing a migration from a 600C box to a 100F, but I haven't saved any of the PSKs of my IPsec tunnels.

I wonder if there is any way I can get these PSKs, or copy and paste the encoded PSK from version 5.2 to 6.0.

I did a test copying and pasting the encoded PSK, but it didn't work.

Any tip is welcome.

Thanks


    3 replies

    tioeudes
    New Member
    February 19, 2020

    Hello!

     

    I did this before, but not with different firmware versions.

     

    Using the config file, I copied the line where the PSK is, pasted it on the FGT and it worked.

     

    You lost the psk on the upgrade? There was a bug that caused that.

     

     

    regards,

    tioeudes

    maiconp340
    New Member
    February 19, 2020

    I'm migrating the config by hand because my current box is a 600C on version 5.2 and my new box is a 100F on version 6.0.4.

    tioeudes
    New Member
    February 19, 2020

    Sure, been there too! Another thing you can do is download the config file of the 600C, extract the IPsec tunnel (phase1 and phase2) configuration and then upload it on the 100F (with the necessary adjustments) as a script. Or you can just paste it in a terminal when connected through SSH.

     

    regards,

    tioeudes

    sw2090
    SuperUser
    Answer
    February 20, 2020

    Copy-paste will not work because the encoding changed somewhere between 5.2 and 6.0.

    What should work is: first upgrade your current FGT to 6.0 using the recommended upgrade path and then copy-paste the tunnels/PSKs.

     

    tioeudes
    New Member
    February 20, 2020

    He can't, the 600C doesn't upgrade to 6.0. Maybe he could go to 5.6.12, but I don't know if the encoding would be the same.

     

    Starting to agree with emnoc. It would probably be better to rekey these tunnels.

    sw2090
    SuperUser
    February 20, 2020

    Hm, his post read like that. I didn't check that in the support portal. But if it is like that, I agree the best way is to rekey the tunnels.

    I can only confirm that an IPsec tunnel from 5.6.12 to 6.0.9 works fine. But that doesn't say anything about the encoding on both sides, does it ;)

    maiconp340
    New Member
    February 20, 2020

    Hello, thank you. This is the point.

    I will go do the update.
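
The extraction tioeudes describes, combined with the thread's conclusion that the encoded PSK does not carry over and the tunnels should be rekeyed, as an added example (not code from any poster or from Fortinet). The sample backup, its `ENC` value and the placeholder are constructed, and the code assumes the usual `config` / `edit` / `next` / `end` layout of a FortiOS backup file.

```python
import re

# Sections to carry over to the new unit (names as they appear in a FortiOS backup).
SECTIONS = ("config vpn ipsec phase1-interface", "config vpn ipsec phase2-interface")
PLACEHOLDER = "<NEW-PSK-AGREED-WITH-PEER>"  # labelled placeholder, never a real key
PSK_RE = re.compile(r"^(\s*set psksecret) ENC \S+")

# Constructed sample backup; the ENC value is made up.
SAMPLE = """config system global
    set hostname "old-600c"
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set remote-gw 192.0.2.10
        set psksecret ENC Q09OU1RSVUNURUQ=
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
    next
end
"""

def extract_ipsec(config_text):
    """Return (script_text, tunnels_to_rekey) for the IPsec sections only."""
    out, rekey, depth, tunnel = [], [], 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:                      # outside any wanted section
            if line in SECTIONS:
                depth = 1
                out.append(line)
            continue
        if line.startswith("config "):      # nested sub-table
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            tunnel = line[5:].strip('"')
        m = PSK_RE.match(raw)
        if m:                               # version-specific encoded secret: do not reuse
            raw = f"{m.group(1)} {PLACEHOLDER}"
            rekey.append(tunnel)
        out.append(raw.rstrip())
    return "\n".join(out), rekey

if __name__ == "__main__":
    script, rekey = extract_ipsec(SAMPLE)
    print(script)
    print("Rekey with the remote peer:", rekey)
```

Every tunnel in the returned list needs a new PSK set on both ends before the script is applied to the 100F.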