07-24-2007 10:17 AM
I'm having issues getting the preshared key configured on both ends of a tunnel. I can change the key on the host FW but am unable to change the key on the remote FW. It just errors when issuing a command telling me that there's already a key assigned for the IP address requested. How can I change the key on the remote firewall?
07-25-2007 01:14 AM
You are configuring preshared key on PIX/ASA or in router.
07-25-2007 06:17 AM
Lan to Lan PIX VPN tunnel. I can change the preshared key on the host PIX, but the remote PIX will not allow me to change the key setting in the config t mode.
07-25-2007 10:39 AM
Hi
Try deleting the existing one first ie.
no isakmp key ******** address "IP address"
and then add your new one.
HTH
Jon
07-25-2007 12:55 PM
I don't know the key, but did not try entering *******, will just using asterisks work?
08-06-2007 01:56 PM
Hi
Have you tried this command. Yes using just asterisks should remove the key.
Jon
07-31-2007 02:56 AM
Hi,
Use the below command to delete:
"no isakmp key *********** address xxx.xxx.xxx.xxx netmask 255.255.255.255"
Here ***** means your preshared key and XXX.XXX. means your destination IP address you have to use to delete and try add new one.
Ragards,
Krishna.
07-31-2007 05:55 AM
The problem is, I took over for some people that left and didn't document well, so I do not know what the preshared key is. Is there a way to either retrieve it or remove that command without setting the device back to defaults and starting from scratch?
08-06-2007 04:38 AM
Hi Sponge1771
You have a few methods to see the keys... ;-)
1. Copy the running-config to a tftp server (copy runn tftp)
2. Show the running config so you can see the pre-shared keys.
more system:running-config
3. Enable a https server and view this using it.
The choice is yours...
If you find this post helpful please mark it :-)
08-06-2007 12:42 PM
If you are looking for the Pre-shared key issue "sh crypto isakmp key" on the router to see the Key that was set on the ISAKMP .
08-06-2007 12:47 PM
That shows the isakmp configuration, but the key is blanked out with *******.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: