PIX Pre-shared Key Recovery

There are times you will need to add configuration or make changes to a live PIX Firewall or ASA.

It is common for the original pre-shared keys used in site-to-site VPNs to be mislaid or forgotten. For example, perhaps the previous manager has left the company.

It is not possible to see a copy of the configuration with the keys viewable, as they are hidden as ******.

The answer is to save a copy of the configuration to a TFTP server. This file can then be viewed using any simple text document. It can also be used to re-configure the device back to its original state if necessary.

-Tony Holmes, Cistek Solutions Ltd, Cheltenham, Glos, England, UK

Editor’s Note: The command is “write net <tftp_ip>:<filename>” (or just “write net” if a TFTP server has already been defined in the running configuration with the “tftp-server” command). Bear in mind that TFTP sends the file unencrypted and unauthenticated, and that the saved file holds the pre-shared keys in cleartext, so run the transfer over a trusted management network and remove the file from the TFTP server once you have recovered what you need. You can learn more about this feature at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml#write

Also, starting with version 7.0, administrators can optionally use the “copy” command to copy either the startup-config or running-config to either a TFTP or FTP server.

* “copy running-config tftp://<server_ip>/<filename>”
* “copy running-config ftp://<user>:<password>@<server_ip>/<filename>”

More information on the copy command can be found here:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c4_711.htm#wp2041583
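Once the file is on the TFTP server, the keys can be read with any text editor, as the tip says. As an added example (not from the original tip, the editor’s note, or Cisco’s documentation), the Python script below pulls the site-to-site pre-shared keys out of such a saved file for both the PIX 6.x “isakmp key” syntax and the 7.x “tunnel-group … ipsec-attributes / pre-shared-key” syntax, and flags the “*” placeholders you get if someone pasted “show running-config” output instead of a real “write net” dump. The configuration text, hostnames, peer addresses and keys are all constructed for illustration.

```python
"""Extract site-to-site pre-shared keys from a saved PIX/ASA configuration.

Added example; the configuration samples below are constructed and do not
come from any real device."""
import re
import sys

# Constructed sample: the cleartext dump a TFTP server receives from
# 'write net' on a PIX 6.x box.
SAVED_CONFIG = """\
: Saved
PIX Version 6.3(5)
hostname pix-site-a
isakmp enable outside
isakmp key s3cr3t-branch1 address 203.0.113.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key s3cr3t-branch2 address 203.0.113.20 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
"""

# Constructed sample in 7.x syntax, where the key sits under a tunnel-group.
SAVED_CONFIG_7X = """\
: Saved
ASA Version 7.2(4)
hostname asa-site-b
tunnel-group 203.0.113.30 type ipsec-l2l
tunnel-group 203.0.113.30 ipsec-attributes
 pre-shared-key branch3-key
tunnel-group 203.0.113.40 type ipsec-l2l
tunnel-group 203.0.113.40 ipsec-attributes
 pre-shared-key branch4-key
"""

# Constructed sample of what 'show running-config' prints on the terminal:
# the keys are masked, so this text cannot be used for recovery.
TERMINAL_OUTPUT = """\
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255
tunnel-group 203.0.113.30 ipsec-attributes
 pre-shared-key *
"""

# PIX 6.x: 'isakmp key <key> address <peer> ...'
ISAKMP_KEY_RE = re.compile(r"^isakmp key (\S+) address (\S+)")
# 7.x: 'tunnel-group <peer> ipsec-attributes' followed by an indented
# ' pre-shared-key <key>' line.
TUNNEL_GROUP_RE = re.compile(r"^tunnel-group (\S+) ipsec-attributes$")
PSK_RE = re.compile(r"^\s+pre-shared-key (\S+)$")


def is_masked(key):
    """True when the key is the '*' placeholder printed by 'show run'."""
    return set(key) == {"*"}


def _iter_keys(config_text):
    """Yield (peer, key) for every PSK line, masked or not."""
    current_peer = None
    for line in config_text.splitlines():
        m = ISAKMP_KEY_RE.match(line)
        if m:
            yield m.group(2), m.group(1)
            continue
        m = TUNNEL_GROUP_RE.match(line)
        if m:
            current_peer = m.group(1)
            continue
        m = PSK_RE.match(line)
        if m and current_peer:
            yield current_peer, m.group(1)
            continue
        if line and not line.startswith(" "):
            # Any other top-level command ends the ipsec-attributes block.
            current_peer = None


def extract_preshared_keys(config_text):
    """Return {peer: key} for each usable (unmasked) pre-shared key."""
    return {peer: key for peer, key in _iter_keys(config_text) if not is_masked(key)}


def count_masked_keys(config_text):
    """Number of PSK lines whose key is masked; non-zero means this text was
    pasted from 'show run' rather than saved with 'write net'."""
    return sum(1 for _, key in _iter_keys(config_text) if is_masked(key))


if __name__ == "__main__":
    # Usage: python recover_psk.py <saved-config-file>; with no argument the
    # constructed samples are used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAVED_CONFIG + SAVED_CONFIG_7X
    if count_masked_keys(text):
        print("warning: masked keys present; use a 'write net' dump, not 'show run' output")
    for peer, key in sorted(extract_preshared_keys(text).items()):
        print(f"{peer}\t{key}")
```

Run it against the file the PIX wrote to the TFTP server, record the keys somewhere appropriate, and then delete the saved copy; the file is a full cleartext configuration and the TFTP directory is usually world-readable.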

Source : supportwiki
