
How to view an encrypted pre-shared key in clear-text on a Cisco ASA

September 14th, 2012

If you ever need to recover a pre-shared key from a Cisco ASA, it is not as simple as it is on a router. Sadly, simply issuing the show run command only presents you with a line of *****.

ASA_Firewall# show running-config

!-- Output Omitted

tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 general-attributes
default-group-policy GroupPolicy_10.1.1.1
tunnel-group 10.1.1.1 ipsec-attributes
ikev1 pre-shared-key *****
!

!-- Output Omitted

Fortunately, there is an easy way around this, albeit not an extremely obvious one. To show the clear-text version of the pre-shared key, simply issue the more system:running-config command, scroll down to the location of the key in your config and voilà, unencrypted pre-shared key.

ASA_Firewall# more system:running-config

!-- Output Omitted

tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 general-attributes
default-group-policy GroupPolicy_10.1.1.1
tunnel-group 10.1.1.1 ipsec-attributes
ikev1 pre-shared-key MySecretKey
!

!-- Output Omitted
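
Any saved capture of more system:running-config therefore holds the key in clear text. The following is an added example, not part of the original post: it masks such keys before a capture is stored or shared and reports which tunnel groups were exposed. The name redact_psk, the 192.0.2.1 group, and treating any all-asterisk value as already masked are assumptions.

```python
import re

# Line form taken from the post: "ikev1 pre-shared-key <value>". Matching any
# prefix before "pre-shared-key" (indentation, other keywords) is an assumption.
KEY_LINE = re.compile(r"^(.*?\bpre-shared-key\s+)(.+?)\s*$")
GROUP_LINE = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
MASK = "*****"  # what "show running-config" prints in place of the key

# Constructed sample: the post's tunnel group in clear text, plus a second,
# already-masked group on a documentation address.
SAMPLE = """\
tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 general-attributes
 default-group-policy GroupPolicy_10.1.1.1
tunnel-group 10.1.1.1 ipsec-attributes
 ikev1 pre-shared-key MySecretKey
!
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev1 pre-shared-key *****
!
"""


def redact_psk(config_text):
    """Mask clear-text pre-shared keys in an ASA config capture.

    Returns (redacted_text, findings); findings holds (line_number, group)
    for every key that was not already masked. The key itself is never kept.
    """
    out, findings, group = [], [], None
    for number, line in enumerate(config_text.splitlines(), start=1):
        group_match = GROUP_LINE.match(line)
        if group_match:
            group = group_match.group(1)
        elif line.startswith(("tunnel-group ", "!")):
            group = None  # another tunnel-group mode or "!" ends the block
        key_match = KEY_LINE.match(line)
        if key_match and set(key_match.group(2)) != {"*"}:
            findings.append((number, group))
            line = key_match.group(1) + MASK
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    redacted, findings = redact_psk(SAMPLE)
    for number, group in findings:
        print(f"line {number}: clear-text key for tunnel-group {group}")
    print(redacted, end="")
```
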
