07-30-2007 02:15 AM - edited 03-03-2019 06:05 PM
Hi, how do I encrypt the pre-shared key on a Cisco 837 router?
07-30-2007 02:20 AM
The preshared key is used to calculate the hash values as per the parameters set (md5, hmac etc). This hash value is sent to the peer but never the key.
The only way to see the key is to look at the running configuration. The encryption does not get compromised on the wire even if the key is not encrypted.
HTH
Narayan
07-30-2007 02:24 AM
Correct, the matter is that most people are baffled when seeing any clear text keys in config, as we know that terminal and enable passwords can be encrypted.
I'm not concerned, but security buffs are.
07-30-2007 02:40 AM
Hi,
Totally agree with Narayan, but just to add a small thing, using service password-encryption causes the router to encrypt the passwords (weak reversible encryption) in any display of the configuration file and guards against the password being learned by observing the text copy of the configuration of the router, like for example somebody looking over your shoulders :)
HTH,
Mohammed Mahmoud.
07-30-2007 02:59 AM
Mohammed,
The pre-shared key used with IPsec is not encrypted with the service password-encryption command on the routers.
All other passwords like vty, console, tacacs do get encrypted though via a weak algorithm (level 7).
The key is not visible though on the firewall running configuration.
Narayan
07-30-2007 03:00 AM
I guess I should just leave it as it is then.
07-30-2007 03:23 AM
Hi Narayan,
You are right :) I missed the original poster again, please do accept my apologies :)
Anyway, for the IPSec pre-shared key there was a new feature which I remember I've tested before, please take a look at it:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad9.html
HTH,
Mohammed Mahmoud.
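An added example, not part of the original thread and not Cisco code: a small audit over a saved running-config that reports which secrets are stored in clear text, as type 7 (the weak reversible encoding discussed above), or as type 6 (the AES-encrypted form the linked feature produces for pre-shared keys). The sample configuration, keys and peer addresses are constructed, and the line patterns assume standard IOS syntax.

```python
import re

# Constructed sample of a saved running-config; keys, hashes and peers are made up.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000000
username admin password 7 0000000000000000
crypto isakmp key ExampleKey123 address 192.0.2.1
crypto isakmp key 0 OtherKey456 address 192.0.2.2
crypto isakmp key 6 CONSTRUCTEDAESBLOB address 192.0.2.3
line vty 0 4
 password 7 1111111111111111
"""

# Pre-shared key line: optional type digit (0 = clear, 6 = AES-encrypted), key, peer.
PSK_RE = re.compile(
    r"^crypto isakmp key (?:(?P<type>[06]) )?\S+ (?:address|hostname) (?P<peer>\S+)")
# enable / username / line passwords: optional type digit before the secret.
PW_RE = re.compile(
    r"^\s*(?:enable |username \S+ (?:privilege \d+ )?)?"
    r"(?:password|secret) (?:(?P<type>\d) )?\S+")

def audit(config):
    """Return (line_no, finding, peer) tuples; secret values are never echoed."""
    findings, aes_enabled = [], False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if line.strip() == "password encryption aes":
            aes_enabled = True          # type 6 storage is switched on
        elif (m := PSK_RE.match(line)):
            if m.group("type") != "6":  # no type or type 0: key readable in config
                findings.append((n, "psk-cleartext", m.group("peer")))
        elif (m := PW_RE.match(line)):
            if m.group("type") in (None, "0"):
                findings.append((n, "password-cleartext", None))
            elif m.group("type") == "7":  # weak, reversible encoding
                findings.append((n, "password-type7-reversible", None))
    if not aes_enabled:
        findings.append((0, "aes-password-encryption-disabled", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

In the sample, `service password-encryption` is present and the login passwords show as type 7, yet both untyped and type 0 pre-shared keys are still reported as readable, which matches what the thread describes.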
07-30-2007 03:34 AM
No apologies needed, my friend.
Well, I got to know one thing from you now, that the AES key can be stored in an encrypted manner :-)
Narayan
07-30-2007 03:55 AM
Good info and reassuring feature for certain situations! I've rated your post.
07-30-2007 04:06 AM
Hi Paolo,
Thank you very much for the appreciation and the nice rating :)
BR,
Mohammed Mahmoud.