Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How do I encrypt the pre-shared key on Cisco 837 router?

Hi, how do encrypt the pre-shared key on a Cisco 837 router?

9 REPLIES

Re: How do I encrypt the pre-shared key on Cisco 837 router?

The preshared key is used to calculate the hash Values as per the parameters set (md5, hmac etc). This hash value is sent to the peer but never the key.

The only way to see the key is to look at the running configuration. The encryptrion does not get compromised on the wire even the key is not encrypted.

HTH

Narayan

Hall of Fame Super Gold

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Correct, matter is that most people is baffled when seeing any clear text keys in config as we know that terminal and enable passwords can be encrypted.

I'm not concerned, but security buffs are.

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Hi,

Totally agree with Narayan, but just to add a small thing, using service-password encryption causes the router to encrypt the passwords (weak reversible encryption) in any display of the configuration file and guards against the password being learned by observing the text copy of the configuration of the router, like for example somebody looking over your shoulders :)

HTH,

Mohammed Mahmoud.

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Mohammed,

The pre-shared key used with IPsec is not encrypted with the service password-encryption command on the routers.

All other passwords like vty, console, tacacs do get encrpted though via a weak algorithm (level 7)

The Key is not visible though on the firewall running configuration.

Narayan

New Member

Re: How do I encrypt the pre-shared key on Cisco 837 router?

I guess I should just leave it as it is then.

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Hi Narayan,

You are right :) i missed the original poster again, please do accept my apologies :)

Any way for the IPSec pre-shared key there was a new feature which i remember i've tested before, please take a look at it:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad9.html

HTH,

Mohammed Mahmoud.

Re: How do I encrypt the pre-shared key on Cisco 837 router?

No apologies needed my friend..

Well i got to know one thing from you now that the AES key can be stored in an encrypted manner :-)

Narayan

Hall of Fame Super Gold

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Good info and reassuring feature for certain situations! I've rated your post.

Re: How do I encrypt the pre-shared key on Cisco 837 router?

Hi Paolo,

Thank you very much for the appreciation and the nice rating :)

BR,

Mohammed Mahmoud.

453
Views
5
Helpful
9
Replies
CreatePlease to create content