I have to upgrade the PIX OS from 6.3(1) to 7.X.There are few crypto ( site-site)configs with preshared keys.I remember that I had faced issues on the 1700/2600 old routers when upgrading the IOS, the preshared keys seems to be not working.I used to manually configure the same.Not sure with pix.Since the administrator has forgotten the PRESHARED key, now I cant take any risk on going for the upgradation.Did any one had issues with crypto configs after the code upgradation with PIX 525 ?.
Even easier than setting up a TFTP server... If you login to the PIX using ASDM, you can view (in clear text) the preshared keys for a particular tunnel group. Go to Config --> VPN --> General --> Tunnel Group --> Edit Tunnel Group --> IPsec tab --> Pre-Shared Key
thanks for all your responses.Yes, write net is an option but I didnt try since 6.3.1 to 7.X is major code change.I could try all these by knowing the preshared keys on hand.
What I need to confirm is " there should not be any issues" after the OS upgradation.If wr net misses the preshared key somehow, I should not be in trouble.Coming to the ASDM part, the code is 6.3(1) which supports pdm only.
Did anyone experienced with the preshared key issues after the upgradtion
We don't do any VPN on our PIXes so I can't really comment on it. I would think that if there were a lot of problems with the upgrades and VPN keys, you would hear about it (here, google groups, TAC, etc.)
I have recently did two upgrades on a couple of PIX 515's running 6.3(4) code and the pre-shared keys stayed in tact. You should be good to go. But as a precaution I would always do a write net before any upgrade.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :