This document assumes that you have already configured the security appliance with VPN configurations and provided pre-shared key as the authentication parameter.
The information in this document is based on the Cisco PIX 500 Series Firewall with software version 7.x and later.
Problem
Once a pre-shared key is configured, it is encrypted and cannot be seen in the running configuration: show running-config displays it as *******.
Example:
pixfirewall#show running-config
Cryptochecksum: 1b6862ce 661c9155 ff13b462 7b11c531
: Saved
: Written by enable_15 at 00:38:35.188 UTC Fri Feb 16 2007
!
PIX Version 7.2(2)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif inside
security-level 100
ip address 172.16.124.1 255.255.255.0
crypto isakmp policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
!--- Output is suppressed.
tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
Solution
To recover a pre-shared key from the VPN configuration, issue the more system:running-config command. This command shows the pre-shared key in clear text.
Example:
pixfirewall#more system:running-config
Cryptochecksum: 1b6862ce 661c9155 ff13b462 7b11c531
: Saved
: Written by enable_15 at 00:38:35.188 UTC Fri Feb 16 2007
!
PIX Version 7.2(2)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif inside
security-level 100
ip address 172.16.124.1 255.255.255.0
crypto isakmp policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
!--- Output is suppressed.
tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
pre-shared-key cisco
telnet timeout 5
ssh timeout 5
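Because more system:running-config prints the key in clear text, any copy of that output (a backup, a ticket attachment, a pasted terminal session) carries the same secret as the device itself, while show running-config output does not. The following script is an added example, not part of the Cisco note: it scans saved configuration text for pre-shared-key lines under tunnel-group ipsec-attributes and reports which ones are masked and which are exposed. The sample inputs are constructed from the two outputs above; the 8-character minimum is an assumed local policy, not a PIX requirement, and the optional ikev1 keyword covers the newer ASA spelling of the same command.

```python
"""Audit saved PIX/ASA configuration text for exposed pre-shared keys.

Added example (not from the Cisco note): shows that show running-config
output is safe to store, while more system:running-config output is not.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed samples, reduced to the tunnel-group lines from the two outputs
# in the note. Sub-commands are indented one space, as the PIX prints them.
MASKED_OUTPUT = """\
tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
 default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
 pre-shared-key *
telnet timeout 5
"""

CLEARTEXT_OUTPUT = MASKED_OUTPUT.replace(" pre-shared-key *", " pre-shared-key cisco")

MIN_PSK_LENGTH = 8  # assumed local policy, not a PIX requirement


@dataclass
class PskFinding:
    tunnel_group: str
    masked: bool      # True when the device printed '*' instead of the key
    key_length: int   # 0 when masked


TG_RE = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
# 'ikev1 pre-shared-key' is the newer ASA spelling; accepted as well.
PSK_RE = re.compile(r"^\s*(?:ikev1\s+)?pre-shared-key\s+(\S+)\s*$")


def find_psks(config_text: str) -> List[PskFinding]:
    """Return one finding per pre-shared-key line, tagged with its tunnel-group."""
    findings = []
    group = None
    for line in config_text.splitlines():
        m = TG_RE.match(line)
        if m:
            group = m.group(1)
            continue
        m = PSK_RE.match(line)
        if m and group is not None:
            value = m.group(1)
            # The PIX prints a run of '*' in place of the key; a real key made
            # only of asterisks would be misread as masked, which is acceptable.
            masked = set(value) == {"*"}
            findings.append(PskFinding(group, masked, 0 if masked else len(value)))
            continue
        if line and not line[0].isspace():
            group = None  # any other top-level command closes the block
    return findings


def audit(config_text: str, min_length: int = MIN_PSK_LENGTH) -> List[str]:
    """Report keys stored in clear text, and clear-text keys below the length policy."""
    issues = []
    for f in find_psks(config_text):
        if f.masked:
            continue
        issues.append(f"tunnel-group {f.tunnel_group}: pre-shared key stored in clear text")
        if f.key_length < min_length:
            issues.append(f"tunnel-group {f.tunnel_group}: key is {f.key_length} characters, "
                          f"policy minimum is {min_length}")
    return issues


if __name__ == "__main__":
    for name, text in (("show running-config", MASKED_OUTPUT),
                       ("more system:running-config", CLEARTEXT_OUTPUT)):
        print(f"{name}: {audit(text) or ['no issues']}")
```

Run it against exported configuration files before they are archived: a non-empty audit result means the file must be handled as a credential store, and a short key is worth rotating regardless of where it was found.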