I'm having issues getting the preshared key configured on both ends of a tunnel. I can change the key on the host FW but am unable to change the key on the remote FW. It just errors when I issue the command, telling me that there's already a key assigned for the IP address requested. How can I change the key on the remote firewall?
LAN-to-LAN PIX VPN tunnel. I can change the preshared key on the host PIX, but the remote PIX will not allow me to change the key setting in the config t mode.
Use the below command to delete:
"no isakmp key *********** address xxx.xxx.xxx.xxx netmask 255.255.255.255"
Here ***** means your preshared key and xxx.xxx.xxx.xxx means your destination IP address. You have to use this to delete the key, and then try to add a new one.
The problem is, I took over for some people that left and didn't document well, so I do not know what the preshared key is. Is there a way to either retrieve it or remove that command without setting the device back to defaults and starting from scratch?
You have a few methods to see the keys... ;-)
1. Copy the running-config to a TFTP server (copy runn tftp)
2. Show the running config so you can see the pre-shared keys.
3. Enable an HTTPS server and view this using it.
The choice is yours...
If you find this post helpful please mark it :-)