Solved: Re: ASA 5512 Cipher text not updating in CLI

JamesWilliams2906 · ‎01-27-2021

Migrating from one ASA 5512-X to another ASA 5512-X appliance. When applying same configuration the password cipher is not the same.

What is the procedure to update the cipher text via CLI?

from --> enable password ***** encrypted
to --> enable password 0EoFS/7BiWTeTGZa encrypted

The ASA 5512-X is running asa9-12-4-10-smp-k8.bin.

Followed the master key steps at url Encrypt Pre-shared Keys in Cisco IOS Router Configuration Example - Cisco

that take with no errors, but the enable password still shows in *****.

Even after creating a master key with password encryption aes we are unable to apply any other config statements that have a level 8 encryption. The CLI responds with the below statement:

! The following entry is deferred until the password encryption key is specified.
snmp-server community 8 bYX+DDYgbhqDA5UPsSj23rox8vnmGuG9Us+gfu==

TJ-20933766 · ‎01-27-2021

Run the command:

more system:running-config

You should be able to see everything that has the asterisks obfuscating the passwords. Then just take the output and push it to the replacement ASA

View solution in original post

TJ-20933766 · ‎01-27-2021

Run the command:

more system:running-config

You should be able to see everything that has the asterisks obfuscating the passwords. Then just take the output and push it to the replacement ASA

JamesWilliams2906 · ‎01-27-2021

When i try to copy to the replacement ASA the CLI responds with:

! The following entry is deferred until the password encryption key is specified.

snmp-server community 8 neB+HDVvyZrMG2fP8jWY39/sUEqgS8ouWfWZLO==

The master key has been set along with password encryption aes statement present in configuration.