How to recover a pre-shared key on the PIX / ASA.


Wed, 03/31/2010 - 00:55
Jun 22nd, 2009

Core issue

Once a pre-shared is configured, it is encrypted, and you cannot see it in the running configuration. It is displayed as ********.


To view the system configuration in 7.x code without "********", use the command below:


Alternatively to recover, perform one of the three solutions:

  • Upload your configuration to a TFTP server. This is needed because once the configuration is sent to the TFTP server, the pre-shared key and other passwords appear as clear text (instead of  ******** , as in the show run command).

    To upload your configuration to a TFTP server, issue this command:

    ASA#write net ):

    Once the file is saved on the TFTP server, you can open it with a text editor and view the passwords in clear text.

  • The configuration can also be uploaded to an FTP server. This is the command:

    ASA#copy running-config ftp://USERNAME:PASSWORD@ServerIP/

  • A copy of the configuration can be saved in clear text on the ASA only. Issue these commands on the Adaptive Security Appliance (ASA) :

    ASA#copy run


After performing one of these options, you should be able to see the pre-shared key.

For further information refer to the copy command.

Mudasir Abbas Wed, 03/31/2010 - 00:55


I need to see the passwords in clear text those i have in my ASA local database. because I need to create them in AAA with same username/Password. I tried all of the three solution but all of them showing pre-share key as clear text but not the passwords of the users. Is there any other way to get them in clear text?

your help will be highly appreciated.


This Document

Related Content