pre-share key showing as clear text in router configuration

Answered Question
Sep 6th, 2010

Hello Expert,


I am using DMVPN to configure my tunnel between the hub and spokes.


I discovered my pre-share keys are shown in clear text when I do the sh run config command.


How can I correct this?


crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx address pp.pp.pp.11 (note: I just edited the key for the purpose of this post)

Regards

Jomo

Jon Marshall Mon, 09/06/2010 - 13:52
Jomo


See this document to answer your query -


Encrypt pre-shared keys in IOS


Jon

jomo frank Tue, 09/07/2010 - 09:58

Hello Jon,


I read the document as per the link and I am able to encrypt the pre-share key on the spoke but not on the hub.

When I add a new pre-share key for any spoke end point, it is showing in clear text.



A quick outline: I have a hub router connected to around 7 spokes.

I am using DMVPN to configure the VPN tunnels.

As part of the IKE policy I am adding a unique pre-share key per spoke, as opposed to a single pre-share key for all.

I found that only when I configure the 0.0.0.0 network am I able to get the encryption, as shown below:



IKE PRE-SHARE KEY CONFIGURATION ON THE HUB

-------------------------------------------------------------------------------------------------


crypto isakmp key thisatestkeyconfigurationnumber2 address ppp.xxx.rrr.2

crypto isakmp key thisatestkeyconfigurationnumber1 address eee.sss.www.17

crypto isakmp key #Zjq>eaRc2[KAsgj:`U7oBP\+o.qiZ-@ address 0.0.0.0 0.0.0.0



I am unsure how to move forward.


Regards

Correct Answer
Giuseppe Larosa Tue, 09/07/2010 - 13:42
Hello Jomo,

What IOS image is running on the hub?


You can try to use

conf t

service password-encryption


Warning: this will encrypt all passwords in the configuration.

Check the syntax as I couldn't verify it.


Hope to help

Giuseppe

jomo frank Wed, 09/08/2010 - 07:16

Hello Giustar,


VERSION


This is the show version output of the router: show version

!----------------------------------------------------------------------------

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Wed 28-Nov-07 21:10 by stshen

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

uptime is 7 weeks, 3 days, 15 hours, 6 minutes

System returned to ROM by power-on

System image file is "flash:c2800nm-advsecurityk9-mz.124-3i.bin"

>>>>   you can try to use

       conf t

       service password-encryption



This command is already on the router; see the subset of my running configuration below.

router07#sh run
Building configuration...

Current configuration : 6769 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!


Regards

Jomo
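
An added example, not part of the thread and not Cisco's code: a Python check that reads a saved running-config and lists which `crypto isakmp key` entries are still readable, reporting only the peer and line number and never the key. It assumes encrypted (type 6) keys carry the digit `6` after `key`; the sample configuration, its keys and its addresses are constructed.

```python
import re

# Constructed sample (made-up keys, RFC 5737 addresses), not the thread's config.
SAMPLE_CONFIG = """\
service password-encryption
password encryption aes
!
crypto isakmp key spoke2-example-secret address 192.0.2.2
crypto isakmp key 0 spoke17-example-secret address 192.0.2.17
crypto isakmp key 6 EXAMPLEBLOB1 address 0.0.0.0 0.0.0.0
crypto isakmp key 6 EXAMPLEBLOB2 hostname spoke9.example.net
"""

# crypto isakmp key [0|6] <keystring> {address <peer> [mask] | hostname <name>}
# Assumption: an encrypted (type 6) key carries the digit 6; 0 or no digit is clear.
KEY_LINE = re.compile(
    r"^crypto isakmp key\s+(?:(?P<type>[06])\s+)?(?P<key>\S+)\s+"
    r"(?:address|hostname)\s+(?P<peer>\S+)"
    r"(?:\s+(?P<mask>\d+\.\d+\.\d+\.\d+))?"
)


def audit_isakmp_keys(config_text):
    """Return (aes_enabled, findings). Findings never include the key string."""
    aes_enabled = False
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        aes_enabled = aes_enabled or line == "password encryption aes"
        m = KEY_LINE.match(line)
        if m:
            peer = " ".join(filter(None, (m.group("peer"), m.group("mask"))))
            stored = "type6" if m.group("type") == "6" else "cleartext"
            findings.append({"line": lineno, "peer": peer, "stored": stored,
                             "wildcard": peer.startswith("0.0.0.0")})
    return aes_enabled, findings


def cleartext_peers(config_text):
    """Peers whose pre-shared key is readable in the saved configuration."""
    return [f["peer"] for f in audit_isakmp_keys(config_text)[1]
            if f["stored"] == "cleartext"]


if __name__ == "__main__":
    aes, findings = audit_isakmp_keys(SAMPLE_CONFIG)
    print("password encryption aes present:", aes)
    for f in findings:
        print(f"line {f['line']}: peer {f['peer']}: key stored as {f['stored']}")
```

The `wildcard` flag marks a `0.0.0.0 0.0.0.0` entry, which is one key shared by every peer rather than a unique key per spoke.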
