cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
674
Views
10
Helpful
4
Replies

ASA Crypto and Crypto Description

NIKHIL M K
Level 1
Level 1

Hi Guys

I would like to copy all cryptos and its description from ASA firewall(we used to same customer name on description). Is there any option?

4 Replies 4

@NIKHIL M K copy to where? to do what with this information?

From the CLI you can run "show run crypto map" to gather the different crypto maps, you'd also probably want "show run tunnel-group" and "show run crypto" and "show run group-policy".

To get the pre-shared key, you'd need to run "more system://running-config", the pre-shared key will now be displayed in cleartext.

We are changing the ISP. Planning to download tunnel details to an excel then verify the active customer so that we only need to change the peer IP for them.

@NIKHIL M K if you are changing ISP, then you would need to change IP address of your outside interface and the default route next hop IP address. The third party that connects a VPN tunnel to your firewall would need to update their peer IP address to your new ISP IP address.

If you want to document the configuration, use the commands provided above. You could also run "show crypto ikev1 sa" or "show crypto ikev2 sa" and "show crypto ipsec sa peer <ip>" to determine what exact crypto algorithms were used to establish the tunnel.

NIKHIL M K
Level 1
Level 1

Thank you. I will try this.

 

Review Cisco Networking for a $25 gift card