Re: Preshared keys after PIX OS Upgradation

rkumares · ‎01-23-2007

I have to upgrade the PIX OS from 6.3(1) to 7.X.There are few crypto ( site-site)configs with preshared keys.I remember that I had faced issues on the 1700/2600 old routers when upgrading the IOS, the preshared keys seems to be not working.I used to manually configure the same.Not sure with pix.Since the administrator has forgotten the PRESHARED key, now I cant take any risk on going for the upgradation.Did any one had issues with crypto configs after the code upgradation with PIX 525 ?.

Thanks,

Rajan

Collin Clark · ‎01-23-2007

You can get the preshared key if you do a 'write network' on the PIX (same as copy run tftp on a router).

HTH and please rate.

jwalker · ‎01-23-2007

Even easier than setting up a TFTP server... If you login to the PIX using ASDM, you can view (in clear text) the preshared keys for a particular tunnel group. Go to Config --> VPN --> General --> Tunnel Group --> Edit Tunnel Group --> IPsec tab --> Pre-Shared Key

Please rate if this helps.

rkumares · ‎01-24-2007

Hi,

thanks for all your responses.Yes, write net is an option but I didnt try since 6.3.1 to 7.X is major code change.I could try all these by knowing the preshared keys on hand.

What I need to confirm is " there should not be any issues" after the OS upgradation.If wr net misses the preshared key somehow, I should not be in trouble.Coming to the ASDM part, the code is 6.3(1) which supports pdm only.

Did anyone experienced with the preshared key issues after the upgradtion

Thanks,

Rajan

Collin Clark · ‎01-24-2007

We don't do any VPN on our PIXes so I can't really comment on it. I would think that if there were a lot of problems with the upgrades and VPN keys, you would hear about it (here, google groups, TAC, etc.)

dbnorton · ‎01-24-2007

I have recently did two upgrades on a couple of PIX 515's running 6.3(4) code and the pre-shared keys stayed in tact. You should be good to go. But as a precaution I would always do a write net before any upgrade.