How do I encrypt the pre-shared key on Cisco 837 router?

Unanswered Question
Jul 30th, 2007

Hi, how do encrypt the pre-shared key on a Cisco 837 router?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
royalblues Mon, 07/30/2007 - 02:20

The preshared key is used to calculate the hash Values as per the parameters set (md5, hmac etc). This hash value is sent to the peer but never the key.

The only way to see the key is to look at the running configuration. The encryptrion does not get compromised on the wire even the key is not encrypted.



Paolo Bevilacqua Mon, 07/30/2007 - 02:24

Correct, matter is that most people is baffled when seeing any clear text keys in config as we know that terminal and enable passwords can be encrypted.

I'm not concerned, but security buffs are.

mohammedmahmoud Mon, 07/30/2007 - 02:40


Totally agree with Narayan, but just to add a small thing, using service-password encryption causes the router to encrypt the passwords (weak reversible encryption) in any display of the configuration file and guards against the password being learned by observing the text copy of the configuration of the router, like for example somebody looking over your shoulders :)


Mohammed Mahmoud.

royalblues Mon, 07/30/2007 - 02:59


The pre-shared key used with IPsec is not encrypted with the service password-encryption command on the routers.

All other passwords like vty, console, tacacs do get encrpted though via a weak algorithm (level 7)

The Key is not visible though on the firewall running configuration.


royalblues Mon, 07/30/2007 - 03:34

No apologies needed my friend..

Well i got to know one thing from you now that the AES key can be stored in an encrypted manner :-)


mohammedmahmoud Mon, 07/30/2007 - 04:06

Hi Paolo,

Thank you very much for the appreciation and the nice rating :)


Mohammed Mahmoud.


This Discussion