ISAKMP Auth failing

Jul 24th, 2007

I'm having issues getting the preshared key configured on both ends of a tunnel. I can change the key on the host FW but am unable to change the key on the remote FW. It just errors when issuing a command telling me that there's already a key assigned for the IP address requested. How can I change the key on the remote firewall?

Sponge1771 Wed, 07/25/2007 - 06:17

LAN-to-LAN PIX VPN tunnel. I can change the preshared key on the host PIX, but the remote PIX will not allow me to change the key setting in the config t mode.

Jon Marshall Wed, 07/25/2007 - 10:39


Try deleting the existing one first, i.e.

no isakmp key ******** address "IP address"

and then add your new one.



Sponge1771 Wed, 07/25/2007 - 12:55

I don't know the key, but did not try entering *******. Will just using asterisks work?

Jon Marshall Mon, 08/06/2007 - 13:56


Have you tried this command? Yes, using just asterisks should remove the key.


krishnakomiti Tue, 07/31/2007 - 02:56


Use the below command to delete:

"no isakmp key *********** address netmask"

Here ***** means your preshared key and XXX.XXX. means your destination IP address. You have to use this to delete, and then try adding the new one.



Sponge1771 Tue, 07/31/2007 - 05:55

The problem is, I took over for some people that left and didn't document well, so I do not know what the preshared key is. Is there a way to either retrieve it or remove that command without setting the device back to defaults and starting from scratch?

grahambartlett Mon, 08/06/2007 - 04:38

Hi Sponge1771

You have a few methods to see the keys... ;-)

1. Copy the running-config to a tftp server (copy runn tftp)

2. Show the running config so you can see the pre-shared keys.

more system:running-config

3. Enable an HTTPS server and view this using it.

The choice is yours...

If you find this post helpful please mark it :-)

ciscosom Mon, 08/06/2007 - 12:42

If you are looking for the pre-shared key, issue "sh crypto isakmp key" on the router to see the key that was set on the ISAKMP.

Sponge1771 Mon, 08/06/2007 - 12:47

That shows the isakmp configuration, but the key is blanked out with *******.

