Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISAKMP Auth failing

I'm having issues getting the preshared key configured on both ends of a tunnel. I can change the key on the host FW but am unable to change the key on the remote FW. It just errors when issuing a command telling me that there's already a key assigned for the IP address requested. How can I change the key on the remote firewall?

10 REPLIES
New Member

Re: ISAKMP Auth failing

You are configuring preshared key on PIX/ASA or in router.

New Member

Re: ISAKMP Auth failing

Lan to Lan PIX VPN tunnel. I can change the preshared key on the host PIX, but the remote PIX will not allow me to change the key setting in the config t mode.

Hall of Fame Super Blue

Re: ISAKMP Auth failing

Hi

Try deleting the existing one first ie.

no isakmp key ******** address "IP address"

and then add your new one.

HTH

Jon

New Member

Re: ISAKMP Auth failing

I don't know the key, but did not try entering *******, will just using asterisks work?

Hall of Fame Super Blue

Re: ISAKMP Auth failing

Hi

Have you tried this command. Yes using just asterisks should remove the key.

Jon

New Member

Re: ISAKMP Auth failing

Hi,

Use the below command to delete:

"no isakmp key *********** address xxx.xxx.xxx.xxx netmask 255.255.255.255"

Here ***** means your preshared key and XXX.XXX. means your destination IP address you have to use to delete and try add new one.

Ragards,

Krishna.

New Member

Re: ISAKMP Auth failing

The problem is, I took over for some people that left and didn't document well, so I do not know what the preshared key is. Is there a way to either retrieve it or remove that command without setting the device back to defaults and starting from scratch?

New Member

Re: ISAKMP Auth failing

Hi Sponge1771

You have a few methods to see the keys... ;-)

1. Copy the running-config to a tftp server (copy runn tftp)

2. Show the running config so you can see the pre-shared keys.

more system:running-config

3. Enable a https server and view this using it.

The choice is yours...

If you find this post helpful please mark it :-)

New Member

Re: ISAKMP Auth failing

If you are looking for the Pre-shared key issue "sh crypto isakmp key" on the router to see the Key that was set on the ISAKMP .

New Member

Re: ISAKMP Auth failing

That shows the isakmp configuration, but the key is blanked out with *******.

141
Views
0
Helpful
10
Replies
CreatePlease to create content