Cisco Support Community
New Member

No tunnel group passwords inside ASA backup

Hi, does anyone know why the tunnel group passwords have been removed from the config? See below:

tunnel-group TG_RAS ipsec-attributes

pre-shared-key *

This means that if I try to restore the config I am going to have an * as the preshare key password.

Is there a way to have the preshare key shown as encrypted text?

Many thanks

3 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: No tunnel group passwords inside ASA backup

Hi,

Do a "write net tftp_server_ip:filename" and then open the filename from the tftp server. It should be in a non-encrypted format. The encryption is caused by the PIX software.

Regards,

Arul

*Pls rate if it helps*

Re: No tunnel group passwords inside ASA backup

In addition, you can also issue "more system" to show the secret keys in plain text for all IPsec tunnels' preshare keys.

The password has not been removed. As far as I know, they do show as *, but the actual password is there; when you back up the config, that information will be backed up and copied back to the fw when restoring the config.

asa#more system:running-config

Regards

Re: No tunnel group passwords inside ASA backup

They are not removed. This is more of a security feature to evade the 'over the back' peekers :). You can see/recover the password using multiple ways:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml

Regards

Farrukh
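
An added example, not part of the thread and not Cisco code: a Python check that reports, per tunnel group, whether a saved ASA config holds a masked pre-shared key (the case the original poster is worried about restoring) or a cleartext one (in which case the backup file itself holds the secret). The sample configs and key values are constructed, and treating any all-asterisk value as masked is an assumption.

```python
import re

# Constructed sample backups (not from the thread); the key value is made up.
MASKED_BACKUP = """\
tunnel-group TG_RAS type remote-access
tunnel-group TG_RAS ipsec-attributes
 pre-shared-key *
"""
CLEARTEXT_BACKUP = """\
tunnel-group TG_RAS type remote-access
tunnel-group TG_RAS ipsec-attributes
 pre-shared-key ExampleKey123
tunnel-group TG_L2L ipsec-attributes
 pre-shared-key *
"""

TG_RE = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
# Also matches prefixed forms such as "ikev1 pre-shared-key <value>".
PSK_RE = re.compile(r"^\s*(?:\S+\s+)*?pre-shared-key\s+(\S+)\s*$")

def audit_psk(config_text):
    """Return [(tunnel_group, line_no, state)]; the key value is never returned."""
    findings, group = [], None
    for no, line in enumerate(config_text.splitlines(), 1):
        m = TG_RE.match(line)
        if m:
            group = m.group(1)
            continue
        m = PSK_RE.match(line)
        if m and group:
            # Assumption: a value made only of '*' is the display mask.
            state = "masked" if set(m.group(1)) == {"*"} else "cleartext"
            findings.append((group, no, state))
        elif line and not line[0].isspace():
            group = None  # a new top-level command ends the sub-mode
    return findings

def masked_groups(config_text):
    """Tunnel groups whose key would have to be re-entered after a restore."""
    return [g for g, _, s in audit_psk(config_text) if s == "masked"]

def has_cleartext_keys(config_text):
    """True when the file contains at least one readable pre-shared key."""
    return any(s == "cleartext" for _, _, s in audit_psk(config_text))

if __name__ == "__main__":
    for name, cfg in (("masked", MASKED_BACKUP), ("cleartext", CLEARTEXT_BACKUP)):
        print(name, audit_psk(cfg), "cleartext keys:", has_cleartext_keys(cfg))
```

A file for which `has_cleartext_keys` is true should be stored and transferred as a secret, since anyone who can read it can read the tunnel keys.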
