
ISAKMP Auth failing

Sponge1771
Level 1

I'm having issues getting the preshared key configured on both ends of a tunnel. I can change the key on the host FW but am unable to change the key on the remote FW. It just errors when issuing a command telling me that there's already a key assigned for the IP address requested. How can I change the key on the remote firewall?

10 Replies

sathishd-aus
Level 1

Are you configuring the preshared key on a PIX/ASA or on a router?

LAN-to-LAN PIX VPN tunnel. I can change the preshared key on the host PIX, but the remote PIX will not allow me to change the key setting in the config t mode.

Hi

Try deleting the existing one first, i.e.

no isakmp key ******** address "IP address"

and then add your new one.

HTH

Jon

I don't know the key, but I did not try entering *******. Will just using asterisks work?

Hi

Have you tried this command? Yes, using just asterisks should remove the key.

Jon

krishnakomiti
Level 1

Hi,

Use the below command to delete:

"no isakmp key *********** address xxx.xxx.xxx.xxx netmask 255.255.255.255"

Here ***** means your preshared key and xxx.xxx.xxx.xxx means your destination IP address. Use this command to delete the key, then try adding the new one.

Regards,

Krishna.

The problem is, I took over for some people that left and didn't document well, so I do not know what the preshared key is. Is there a way to either retrieve it or remove that command without setting the device back to defaults and starting from scratch?

Hi Sponge1771

You have a few methods to see the keys... ;-)

1. Copy the running-config to a tftp server (copy runn tftp)

2. Show the running config so you can see the pre-shared keys.

more system:running-config

3. Enable a https server and view this using it.

The choice is yours...

If you find this post helpful please mark it :-)

If you are looking for the pre-shared key, issue "sh crypto isakmp key" on the router to see the key that was set for ISAKMP.

That shows the isakmp configuration, but the key is blanked out with *******.
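Added example, not part of any reply in this thread: a small Python check that takes the configuration text saved from both firewalls and reports whether the pre-shared keys for the tunnel agree, without printing either key. It assumes the `isakmp key <key> address <ip> netmask <mask>` line form quoted above; the function names, sample configs, keys and addresses are constructed for illustration.

```python
import hmac
import re

# Line form quoted in the thread:
#   isakmp key <key> address <peer-ip> [netmask <mask>]
KEY_LINE = re.compile(
    r"^[ \t]*isakmp[ \t]+key[ \t]+(?P<key>\S+)[ \t]+address[ \t]+(?P<peer>\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def peer_keys(config_text):
    """Return {peer_ip: key} for every isakmp key line in a config dump."""
    return {m.group("peer"): m.group("key") for m in KEY_LINE.finditer(config_text)}

def is_masked(key):
    # Display output that blanks the key leaves only asterisks: nothing to compare.
    return set(key) == {"*"}

def compare_psk(cfg_a, peer_in_a, cfg_b, peer_in_b):
    """Compare the key A holds for peer B with the key B holds for peer A.

    Returns "match", "mismatch", "masked" or "missing"; never returns the key.
    """
    key_a = peer_keys(cfg_a).get(peer_in_a)
    key_b = peer_keys(cfg_b).get(peer_in_b)
    if key_a is None or key_b is None:
        return "missing"
    if is_masked(key_a) or is_masked(key_b):
        return "masked"
    same = hmac.compare_digest(key_a.encode(), key_b.encode())
    return "match" if same else "mismatch"

# Constructed sample configs (documentation addresses, made-up keys).
HOST_CFG = """\
hostname pix-host
isakmp key ExampleKey-A address 198.51.100.1 netmask 255.255.255.255
"""
REMOTE_CFG = """\
hostname pix-remote
isakmp key ExampleKey-B address 192.0.2.1 netmask 255.255.255.255
"""
REMOTE_MASKED = "isakmp key ******** address 192.0.2.1 netmask 255.255.255.255\n"

if __name__ == "__main__":
    print(compare_psk(HOST_CFG, "198.51.100.1", REMOTE_CFG, "192.0.2.1"))
    print(compare_psk(HOST_CFG, "198.51.100.1", REMOTE_MASKED, "192.0.2.1"))
```

A "masked" result means the saved text came from output that blanks the key, so the comparison cannot be made from that file.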
