pre-share key showing as clear text in router configuration

Hello Expert,

I am using DMVPN to configure my tunnel between the hub and spokes.

I discovered my pre-share keys are shown in clear text when I do the sh run config command.

How can I correct this?

crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx address pp.pp.pp.11 (note: I just edited the key for the purpose of this post)

Regards

Jomo

1 ACCEPTED SOLUTION

Re: pre-share key showing as clear text in router configuration

Hello Jomo,

What IOS image is running on the hub?

You can try to use

conf t

service password-encryption

Warning: this will encrypt all passwords in the configuration.

Check the syntax, as I couldn't verify it.

Hope to help

Giuseppe

4 REPLIES
Re: pre-share key showing as clear text in router configuration

rbglusers wrote:

Hello Expert,

I am using DMVPN to configure my tunnel between the hub and spokes.

I discovered my pre-share keys are shown in clear text when I do the sh run config command.

How can I correct this?

crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx address pp.pp.pp.11 (note: I just edited the key for the purpose of this post)

Regards

Jomo

Jomo

See this document to answer your query -

Encrypt pre-shared keys in IOS

Jon

Re: pre-share key showing as clear text in router configuration

Hello Jon,

I read the document as per the link and I am able to encrypt the pre-share key on the spoke but not on the hub.

When I add a new pre-share key for any spoke end point, it is showing in clear text.

A quick outline: I have a hub router connected to around 7 spokes.

I am using DMVPN to configure the VPN tunnels.

As part of the IKE policy I am adding a unique pre-share key per spoke, as opposed to a single pre-share key for all.

I found that only when I configure the 0.0.0.0 network am I able to get the encryption, as shown below:

IKE PRE-SHARE KEY CONFIGURATION ON THE HUB

-------------------------------------------------------------------------------------------------

crypto isakmp key thisatestkeyconfigurationnumber2 address ppp.xxx.rrr.2

crypto isakmp key thisatestkeyconfigurationnumber1 address eee.sss.www.17

crypto isakmp key #Zjq>eaRc2[KAsgj:`U7oBP\+o.qiZ-@ address 0.0.0.0 0.0.0.0

I am unsure how to move forward.

Regards

Re: pre-share key showing as clear text in router configuration

Hello Giustar,

VERSION

This is the show version output of the router: show version

!----------------------------------------------------------------------------

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Wed 28-Nov-07 21:10 by stshen

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

uptime is 7 weeks, 3 days, 15 hours, 6 minutes

System returned to ROM by power-on

System image file is "flash:c2800nm-advsecurityk9-mz.124-3i.bin"

>>>>   you can try to use

       conf t

       service password-encryption

This command is already on the router; see the subset of my running configuration below.

router07#sh run
Building configuration...

Current configuration : 6769 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!

Regards

Jomo
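
As an added example (not posted by anyone in this thread): a short Python audit that scans a saved running configuration for `crypto isakmp key` lines still stored in clear text, the situation described for the hub above. It assumes IOS writes type 6 (AES-encrypted) keys with a `6` before the key string and that `password encryption aes` is the command that enables this; the sample configuration, keys and addresses are constructed.

```python
import re

# Constructed sample modelled on the hub configuration quoted in the thread;
# key strings and peer addresses are placeholders, not real values.
SAMPLE_CONFIG = """\
service password-encryption
crypto isakmp key ExampleKeyForSpoke1 address 192.0.2.2
crypto isakmp key 0 ExampleKeyForSpoke2 address 192.0.2.17
crypto isakmp key 6 PLACEHOLDERTYPE6STRING address 0.0.0.0 0.0.0.0
"""

# crypto isakmp key [enc-type] <keystring> address|hostname <peer> [mask]
# enc-type 0 (or none) means clear text, 6 means AES-encrypted (assumption
# stated in the lead-in).
KEY_LINE = re.compile(
    r"^\s*crypto isakmp key (?:(?P<enc>[06]) )?(?P<key>\S+) "
    r"(?P<kind>address|hostname) (?P<peer>.+?)\s*$"
)


def audit_isakmp_keys(config_text):
    """Return (findings, aes_enabled).

    findings is a list of (line_number, peer) for every pre-shared key that
    is not stored as type 6. The key string itself is never returned, so the
    audit output can be shared without leaking secrets.
    """
    aes_enabled = False
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.strip() == "password encryption aes":
            aes_enabled = True
        match = KEY_LINE.match(line)
        if match and match.group("enc") != "6":
            findings.append((lineno, match.group("peer")))
    return findings, aes_enabled


def report(config_text):
    """Build human-readable audit lines for a configuration."""
    findings, aes_enabled = audit_isakmp_keys(config_text)
    lines = [f"line {n}: clear-text ISAKMP key for peer {p}" for n, p in findings]
    if not aes_enabled:
        lines.append("'password encryption aes' not found in this configuration")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Note that `service password-encryption` being present, as in the sample and in the running configuration quoted above, does not change the result: the audit looks only at the type digit on each key line.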