12-19-2017 06:56 AM - edited 02-21-2020 06:58 AM
The following now appears in my ASA config file:
(obfuscated hash)
! The following entry is deferred until the password encryption key is specified. snmp-server community 8 jX1ZpJ8wlsJWIYJFHHnXF4htTLcjPvQPHGM=
The snmp V2c works.
Google search for the string "The following entry is deferred until the password encryption key is specified." returns nothing useful.
So what does "deferred" mean?
What is a "password encryption key?"
12-19-2017 07:58 AM
The ASA can encrypt local passwords (and a community-string is also a password) in the config. For that password-encryption has to be configured:
key config-key password-encryption SUPER-SECRET-KEY password encryption aes
The key will not be visible in the config and the ASA can't use the encrypted keys until you configure the line with the config-key. That is meant with "deferred".
12-19-2017 11:32 AM
@Karsten Iwen wrote:
The ASA can encrypt local passwords (and a community-string is also a password) in the config. For that password-encryption has to be configured:
key config-key password-encryption SUPER-SECRET-KEY password encryption aesThe key will not be visible in the config and the ASA can't use the encrypted keys until you configure the line with the config-key. That is meant with "deferred".
That's pretty clear; but it begs a few more questions..
- How is it that the community string is hashed if no config-key has been supplied?
- More to the point, the snmp v2c community string works fine from remote machines; so presumably it's not "deferred?"
12-19-2017 12:22 PM
Actually, you should just see the encrypted string and not a hash.
If it works, it could be because of the rest of the config/setup that you didn't show. Hard to tell.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide