show pre-share key on 6.3(5)125

Answered Question
Oct 17th, 2008

I have a PIX 535 running 6.3(5)125 code.


Is there a show command for seeing what an IPSec VPN peer's pre-shared key is?


thanks, Kevin

ajagadee Fri, 10/17/2008 - 13:29
User Badges: Cisco Employee

Kevin,


The method below should work.


write net tftp_server_ip:filename


and then open the file from the TFTP server. It should be in a non-encrypted format. The encryption is caused by the PIX software.


And I believe you can also use PDM to look at the keys in clear text, but I haven't tried this personally.


Regards,

Arul


** Please rate all helpful posts **


ksvy_ksvy Fri, 10/17/2008 - 14:02

I'm not able to identify which file to copy over to my TFTP server:

houfp3# sh flash

flash file system: version:3 magic:0x12345679

file 0: origin: 0 length:2048056

file 1: origin: 2097152 length:119478

file 2: origin: 2359296 length:1936

file 3: origin: 2490368 length:3152452

file 4: origin: 0 length:0

file 5: origin: 8257536 length:308

houfp3#


thanks,

ajagadee Fri, 10/17/2008 - 14:24
User Badges: Cisco Employee

Kevin,


The explanation below should help.


file 0: PIX Firewall binary image, where the .bin file is stored.

file 1: PIX Firewall configuration data that you can view with the show config command.

file 2: PIX Firewall datafile that stores IPSec key and certificate information.

file 3: PIX Firewall PDM image.

file 4: crashdump

file 5: filesystem record


So, File 1 is what I would use to copy to your TFTP Server.


Let me know if it works.


Regards,

Arul


** Please rate all helpful posts **

ksvy_ksvy Fri, 10/17/2008 - 14:31

no luck:


houfp3# write net 14x.x.x.x 1

Building configuration...

[FAILED]

Usage: write erase|floppy|mem|terminal|standby

write net []:

houfp3# write net 14x.x.x.x :file 1

Building configuration...

[FAILED]

Usage: write erase|floppy|mem|terminal|standby

write net []:

hou150fp3#



thanks,

Jon Marshall Fri, 10/17/2008 - 14:38
User Badges: Super Blue (32500 points or more), Hall of Fame Founding Member, Cisco Designated VIP (2017 LAN, WAN)

try


write net 14x.x.x.x:fw_backup


Jon

ajagadee Fri, 10/17/2008 - 14:39
User Badges: Cisco Employee

Kevin,


Please refer to the command reference below for details on using write net.


http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1027782


You don't need to specify File 1. I should have been clearer when I replied to your query. File 1 is where the PIX stores the configuration on the flash.


Regards,

Arul


** Please rate all helpful posts **

ksvy_ksvy Fri, 10/17/2008 - 15:01

Well, almost there. There are several legs (internetwork interfaces) on this 535, and it appears that the PIX is trying to go out the "inside" (security level 100), but the TFTP server is on the next most secure leg, named core (interface 1, security level 90):


nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 core security90



houfp3# write net 14x.x.x.x:backup

Building configuration...

TFTP write 'backup' at 14x.x.x.x on interface 1

Timed out attempting to connect

[FAILED]

houfp3#



houfp3# ping inside 14x.x.x.x

14x.x.x.x NO response received -- 1000ms

14x.x.x.x NO response received -- 1000ms

14x.x.x.x NO response received -- 1000ms

houfp3# ping core 14x.x.x.x

14x.x.x.x response received -- 0ms

14x.x.x.x response received -- 0ms

14x.x.x.x response received -- 0ms

houfp3#




Correct Answer
Jon Marshall Fri, 10/17/2008 - 15:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

tftp-server core /backup


write net


Jon


Correct Answer
ajagadee Fri, 10/17/2008 - 15:10
User Badges: Cisco Employee

Kevin,


If you don't have a "tftp-server" command configured on the PIX, the PIX by default uses the inside interface. Please refer to the URL below for details.


http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026054


So, configure this command and then run the write net....


Regards,

Arul


** Please rate all helpful posts **
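As an added illustration (not code from the thread), a small Python script that scans the configuration file that write net delivers to the TFTP server, lists each isakmp key entry per peer, and distinguishes a clear-text key from the asterisk-masked form that show config prints on the console. The isakmp key syntax is taken from the PIX 6.3 command reference; both sample configurations are constructed.

```python
import re

# PIX 6.3 syntax (per the 6.3 command reference):
#   isakmp key <keystring> address <peer> [netmask <mask>] [no-xauth] [no-config-mode]
# 'show config' on the PIX prints the keystring as asterisks; the file that
# 'write net' sends to the TFTP server carries it in clear text.
ISAKMP_KEY_RE = re.compile(
    r"^\s*isakmp\s+key\s+(?P<key>\S+)\s+address\s+"
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3})(?:\s+netmask\s+(?P<mask>\S+))?"
)

def is_masked(key):
    """True when the key was redacted to asterisks (console output, not a TFTP dump)."""
    return set(key) == {"*"}

def find_preshared_keys(config_text):
    """Return one dict per 'isakmp key' line: peer, netmask, key (None if masked)."""
    entries = []
    for line in config_text.splitlines():
        m = ISAKMP_KEY_RE.match(line)
        if not m:
            continue
        key = m.group("key")
        entries.append({
            "peer": m.group("peer"),
            # PIX 6.3 defaults the netmask to a host mask when it is omitted
            "netmask": m.group("mask") or "255.255.255.255",
            "key": None if is_masked(key) else key,
        })
    return entries

def audit_backup(config_text):
    """Summarise a backup so the clear-text exposure is obvious before the file is kept."""
    entries = find_preshared_keys(config_text)
    clear = sum(1 for e in entries if e["key"] is not None)
    return {"peers": len(entries), "clear_text": clear, "masked": len(entries) - clear}

# Constructed sample of a file as 'write net' would deliver it to the TFTP server.
SAMPLE_WRITE_NET = """\
PIX Version 6.3(5)
isakmp key s3cr3tKey address 203.0.113.10 netmask 255.255.255.255
isakmp key otherKey99 address 198.51.100.0 netmask 255.255.255.0 no-xauth
isakmp key hostOnlyKey address 192.0.2.7
"""
# Constructed sample of the same entry as 'show config' prints it on the console.
SAMPLE_SHOW_CONFIG = """\
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255
"""
```

The file on the TFTP server (and the TFTP transfer itself) carries these keys unprotected, so keep the server on a restricted segment such as the core interface used in this thread and remove the backup once it has been read.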

Jon Marshall Fri, 10/17/2008 - 14:24
User Badges: Super Blue (32500 points or more), Hall of Fame Founding Member, Cisco Designated VIP (2017 LAN, WAN)

You don't need to. The filename in the command "write net tftp_server_ip:filename" is a filename you create. So just pick a name that makes sense, e.g.


write net :fw_backup


Jon
