No tunnel group passwords inside ASA backup

ivickery
Level 1

Hi, does anyone know why the tunnel group passwords have been removed from the config? See below:

tunnel-group TG_RAS ipsec-attributes

pre-shared-key *

This means that if I try to restore the config I am going to have an * as the preshare key password.

Is there a way to have the preshare key shown as encrypted text?

Many thanks

3 Accepted Solutions


ajagadee
Cisco Employee

Hi,

Do a "write net tftp_server_ip:filename" and then open the filename from the tftp server. It should be in a non-encrypted format. The encryption is caused by the PIX software.

Regards,

Arul

*Pls rate if it helps*


In addition, you can also issue more system to show secret keys in plain text of all IPsec tunnels' preshare keys.

The password has not been removed. As far as I know, they do show as *, but the actual password is there; when you back up the config, that information will be backed up and copied back to the fw when restoring the config.

asa#more system:running-config

Regards

Jorge Rodriguez


Farrukh Haroon
VIP Alumni

They are not removed. This is more of a security feature to evade the 'over the back' peekers :). You can see/recover the password using multiple ways:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml

Regards

Farrukh
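
A check a backup job could run on the saved file to tell whether each tunnel-group key came through as `*`, as in the question, or as a real value that makes the file a secret to protect. This is an added example, not from any poster in the thread; the sample config, TG_SITE_B and its key are constructed, the function names are hypothetical, and accepting one optional keyword before `pre-shared-key` or a longer run of asterisks is an assumption about other software versions.

```python
import re

# Constructed sample backup, modelled on the snippet in the question.
# TG_SITE_B and its key value are made up for illustration.
SAMPLE_BACKUP = """\
tunnel-group TG_RAS general-attributes
tunnel-group TG_RAS ipsec-attributes
 pre-shared-key *
tunnel-group TG_SITE_B ipsec-attributes
 pre-shared-key ExampleKey123
"""

SECTION = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
# Assumption: at most one keyword may precede "pre-shared-key" on the line.
PSK = re.compile(r"^\s*(?:\S+\s+)?pre-shared-key\s+(\S+)")

def audit_psk(config_text):
    """Map each tunnel group to 'masked', 'present' or 'none'.

    Key values are classified but never returned or printed.
    """
    results, current = {}, None
    for line in config_text.splitlines():
        section = SECTION.match(line)
        if section:
            current = section.group(1)
            results.setdefault(current, "none")
            continue
        key = PSK.match(line) if current else None
        if key:
            # A value made only of asterisks is the display mask, not a key.
            results[current] = "masked" if set(key.group(1)) == {"*"} else "present"
        elif line and not line[0].isspace():
            current = None  # another top-level command closes the section
    return results

def masked_groups(config_text):
    """Tunnel groups whose key would be restored as a literal asterisk."""
    return [g for g, s in audit_psk(config_text).items() if s == "masked"]

def cleartext_groups(config_text):
    """Tunnel groups whose real key is in the file (store it as a secret)."""
    return [g for g, s in audit_psk(config_text).items() if s == "present"]

if __name__ == "__main__":
    print("masked, not restorable:", masked_groups(SAMPLE_BACKUP))
    print("real key in file:", cleartext_groups(SAMPLE_BACKUP))
```
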
