show pre-shared key on 6.3(5)125

Answered Question
Oct 17th, 2008

I have PIX 535, using 6.3(5)125 code.

Is there a show command for seeing what an IPSec VPN peer's pre-shared key is?

thanks, Kevin

Correct Answer by ajagadee about 8 years 3 months ago

Kevin,

If you don't have a "tftp-server" command configured on the PIX, the PIX by default uses the inside interface. Please refer to the URL below for details.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026054

So, configure this command and then run the write net.

Regards,

Arul

** Please rate all helpful posts **

Correct Answer by Jon Marshall about 8 years 3 months ago

tftp-server core /backup

write net

Jon

ajagadee Fri, 10/17/2008 - 13:29

Kevin,

The method below should work.

write net tftp_server_ip:filename

and then open the file from the TFTP server. It should be in a non-encrypted format. The encryption is caused by the PIX software.

And I believe you can also use PDM to look at the keys in clear text, but I haven't tried this personally.

Regards,

Arul

** Please rate all helpful posts **
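As an added example, not part of the original thread and not a Cisco tool: once the configuration has been pulled back with write net, the script below reads a PIX 6.x configuration text and lists the isakmp pre-shared keys and vpngroup passwords it finds. It flags any value that is still the ******** placeholder, which is the sign that you are looking at terminal output (show run / show config) rather than the TFTP backup, and it also reports the tftp-server line so you can confirm which interface the write will use. The sample configuration, interface names, peer addresses and secrets are constructed for the example; the statement that write net writes the keys unmasked is the thread's, taken as an assumption here.

```python
import re

# Constructed sample in the shape of a PIX 6.3 config as returned by "write net".
# Hostnames, addresses and secrets are made up for this example.
SAMPLE_BACKUP = """\
: Saved
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 core security90
tftp-server core 10.0.9.5 /backup
isakmp key Sup3rS3cret address 203.0.113.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key An0therKey address 198.51.100.7 netmask 255.255.255.255
vpngroup remote-users password Gr0upSecret
"""

# The same secrets as the terminal shows them ("show run"): the PIX prints ******** instead.
SAMPLE_TERMINAL = """\
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255 no-xauth no-config-mode
vpngroup remote-users password ********
"""

MASK = "********"
ISAKMP_KEY_RE = re.compile(r"^isakmp key (\S+) address (\S+)(?: netmask (\S+))?")
VPNGROUP_PW_RE = re.compile(r"^vpngroup (\S+) password (\S+)")
# "tftp-server [if_name] ip_address path": the interface name is optional in PIX 6.x.
TFTP_SERVER_RE = re.compile(r"^tftp-server (?:(\S+) )?(\d{1,3}(?:\.\d{1,3}){3}) (\S+)")


def extract_secrets(config_text):
    """List every IPsec pre-shared key and vpngroup password in a PIX 6.x config.

    Each entry records what kind of secret it is, which peer or group it belongs
    to, the value found, and whether that value is the ******** placeholder the
    PIX prints on the terminal instead of the real key.
    """
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ISAKMP_KEY_RE.match(line)
        if m:
            key, peer, netmask = m.groups()
            found.append({"kind": "isakmp-key", "name": peer, "netmask": netmask,
                          "secret": key, "masked": key == MASK})
            continue
        m = VPNGROUP_PW_RE.match(line)
        if m:
            group, password = m.groups()
            found.append({"kind": "vpngroup-password", "name": group, "netmask": None,
                          "secret": password, "masked": password == MASK})
    return found


def tftp_interface(config_text):
    """Return (interface, server_ip, path) from the tftp-server line, or None.

    The interface element is None when the command was entered without one.
    With no tftp-server line at all the PIX defaults to the inside interface,
    which is the failure seen in this thread.
    """
    for raw in config_text.splitlines():
        m = TFTP_SERVER_RE.match(raw.strip())
        if m:
            return m.groups()
    return None


def report(config_text):
    """Print a summary and return how many secrets are still masked."""
    masked = 0
    tftp = tftp_interface(config_text)
    if tftp is None:
        print("no tftp-server line: write net will go out the inside interface")
    else:
        print("tftp-server: interface=%s server=%s path=%s" % tftp)
    for s in extract_secrets(config_text):
        state = "MASKED (terminal output, not the TFTP backup)" if s["masked"] else "clear"
        print("%-18s %-16s %-14s %s" % (s["kind"], s["name"], s["secret"], state))
        masked += s["masked"]
    return masked


if __name__ == "__main__":
    print("== TFTP backup ==")
    report(SAMPLE_BACKUP)
    print("== terminal capture ==")
    report(SAMPLE_TERMINAL)
```

Run it against the file the PIX wrote to the TFTP server; a non-zero count of masked entries means the text came from a terminal capture and the keys are not actually in it.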

ksvy_ksvy Fri, 10/17/2008 - 14:02

I'm not able to identify which file to copy over to my TFTP server:

houfp3# sh flash
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:2048056
file 1: origin: 2097152 length:119478
file 2: origin: 2359296 length:1936
file 3: origin: 2490368 length:3152452
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
houfp3#

thanks,

ajagadee Fri, 10/17/2008 - 14:24

Kevin,

The explanation below should help.

file 0: PIX Firewall binary image, where the .bin file is stored.

file 1: PIX Firewall configuration data that you can view with the show config command.

file 2: PIX Firewall datafile that stores IPSec key and certificate information.

file 3: PIX Firewall PDM image.

file 4: crashdump

file 5: filesystem record

So, file 1 is what I would copy to your TFTP server.

Let me know if it works.

Regards,

Arul

** Please rate all helpful posts **

ksvy_ksvy Fri, 10/17/2008 - 14:31

no luck:

houfp3# write net 14x.x.x.x 1
Building configuration...
[FAILED]
Usage: write erase|floppy|mem|terminal|standby
write net []:

houfp3# write net 14x.x.x.x :file 1
Building configuration...
[FAILED]
Usage: write erase|floppy|mem|terminal|standby
write net []:
hou150fp3#

thanks,

ksvy_ksvy Fri, 10/17/2008 - 15:01

Well, almost there. There are several legs (internetwork interfaces) on this 535, and it appears that the PIX is trying to go out the "inside" (security level 100), but the TFTP server is on the next highest security leg, named core (interface 1, security level 90):

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 core security90

houfp3# write net 14x.x.x.x:backup
Building configuration...
TFTP write 'backup' at 14x.x.x.x on interface 1
Timed out attempting to connect
[FAILED]
houfp3#

houfp3# ping inside 14x.x.x.x
14x.x.x.x NO response received -- 1000ms
14x.x.x.x NO response received -- 1000ms
14x.x.x.x NO response received -- 1000ms

houfp3# ping core 14x.x.x.x
14x.x.x.x response received -- 0ms
14x.x.x.x response received -- 0ms
14x.x.x.x response received -- 0ms
houfp3#

Jon Marshall Fri, 10/17/2008 - 14:24

You don't need to. The filename in the command "write net tftp_server_ip:filename" is a filename you create. So just pick a name that makes sense, e.g.

write net :fw_backup

Jon
