
PIX Pre-shared Key Recovery

There are times you will need to add configuration or make changes to a live PIX Firewall or ASA.

It is common for the original pre-shared keys used in site-to-site VPNs to be mislaid or forgotten. For example, perhaps the previous manager has left the company.

It is not possible to see a copy of the configuration with the keys viewable as they are hidden as ******.

The answer is to save a copy of the configuration to a TFTP server. This file can then be viewed using any simple text document. It can also be used to re-configure the device back to its original state if necessary.

-Tony Holmes, Cistek Solutions Ltd, Cheltenham, Glos, England, UK

The command is "write net <tftp_ip>:<filename>" (or you can just use "write net" if a tftp-server has been previously defined in the running configuration). You can learn more about this feature at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml#write

Also, starting with version 7.0, administrators can optionally use the "copy" command to copy either the startup-config or running-config to either a TFTP or FTP server.

  • "copy running-config tftp:<URL>"
  • "copy running-config ftp:<URL>"

More information on the copy command can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c4_72.html
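Once the configuration has been saved to the TFTP or FTP server, the keys can be pulled out of the file with a short script instead of reading it by eye. The following is an added example, not part of the original tip or of Cisco's documentation: it assumes the keys appear either as `isakmp key <key> address <peer>` lines or as a `pre-shared-key <key>` line under `tunnel-group <peer> ipsec-attributes`, the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample of a saved configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname fw-example
isakmp key ExampleKey-A address 192.0.2.10 netmask 255.255.255.255
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 pre-shared-key ExampleKey-B
tunnel-group 203.0.113.30 ipsec-attributes
 pre-shared-key *
"""

# Assumed line format 1: key and peer address on a single line.
ISAKMP_RE = re.compile(r"^isakmp key (\S+) address (\S+)")
# Assumed line format 2: key is an indented sub-command of the peer's tunnel-group.
GROUP_RE = re.compile(r"^tunnel-group (\S+) ipsec-attributes\s*$")
PSK_RE = re.compile(r"^[ \t]+pre-shared-key (\S+)")

def unmask(value):
    # A run of asterisks means this copy came from the masked on-screen display.
    return None if set(value) == {"*"} else value

def extract_psks(config_text):
    """Return {peer: key}; key is None where the file only holds a mask."""
    keys, group = {}, None
    for line in config_text.splitlines():
        m = ISAKMP_RE.match(line)
        if m:
            keys[m.group(2)] = unmask(m.group(1))
            continue
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            continue
        m = PSK_RE.match(line)
        if m and group:
            keys[group] = unmask(m.group(1))
        elif not line.startswith(" "):
            group = None  # a top-level line ends the tunnel-group sub-mode
    return keys

def redact(config_text):
    """Return a copy of the config with key material masked, for sharing."""
    return re.sub(r"(?m)^(isakmp key |[ \t]+pre-shared-key )\S+", r"\1********", config_text)

if __name__ == "__main__":
    for peer, key in extract_psks(SAMPLE_CONFIG).items():
        print(peer, key if key else "(masked in this copy)")
```

A peer reported as masked means that copy of the configuration was taken from the screen output rather than from the saved file. `redact()` produces a version of the backup that can be attached to a ticket without the keys.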


Version history: Revision 1 of 1. Last update: 07-03-2009 01:32 AM