
View Pre-shared keys within a Context - Cisco ASA5545

kasunrajapakse
Level 1

Hi Guys, 

I have a Cisco ASA5545 and have configured 4 contexts.

Each context contains multiple IPSec VPN configs. 

 

I want to see the Preshared keys in clear text (because I don't know the existing keys)

But this command "more system:running-config" only works in the "context system"

 

I can't execute the more system:running-config command if I switch the context to vpn1, vpn2 or vpn3 (Cisco_ASA5545# change context vpn1)

 

How can I view the preshared keys configured in each context? 

Please help.

 

Cisco_ASA5545# show context
Context Name   Class     Interfaces                  Mode     URL
*admin         default   Management0/0               Routed   disk0:/admin.cfg
 vpn1          default   GigabitEthernet1/0,         Routed   disk0:/vpn1.cfg
                         GigabitEthernet1/0.1729-
                         1730,1732,1735-1739,
                         1744-1745,
                         GigabitEthernet1/1
 vpn2          default   GigabitEthernet0/0,         Routed   disk0:/vpn2.cfg
                         GigabitEthernet0/1,
                         GigabitEthernet1/0.1731,
                         1733-1734,1740-1743
 vpn3          default   GigabitEthernet1/2,         Routed   disk0:/vpn3.cfg
                         GigabitEthernet1/2.3101

Total active Security Contexts: 4
Cisco_ASA5545#

1 Accepted Solution


Hi Guys, 

 

After many hours of troubleshooting, the only way I found was to export the config of each context to a tftp server. 

This exported the running config in clear text (including pre shared keys)

Hope this helps.

 

Thanks

 


kasunrajapakse
Level 1
Hi Guys,
Any help please??
Thanks

From the system context, issue the command "dir" (without quotes), locate the context file you wish to view, and then issue the command more disk0:/filename

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

 

Thank you for the reply. But my issue is more complicated than this.

The issue is I can't access my disk due to the following bug.

Bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw95262/

 

So my intention is to take a copy of the running config of each context (With the pre-shared keys in clear text) before I tackle this issue. (I am planning on upgrading the firmware / rebooting the ASA at a later point). So, since I can't save any configs, I want to take a copy of the running config of each context in clear text. 

 

Any advice on this?

 

Thanks in advance. 

If you do not have access to disk0: and you have not been taking regular backups of the configuration then there really isn't much you can do to retrieve the pre-shared keys.  Have you tried running fsck disk0: to see if that sorts the issue with access to the drive?

What about through ASDM? Are you able to access disk0: through ASDM?

You could also try contacting the remote side of the VPN and ask them to provide you with the preshared key.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius, 

 

Thanks a lot for the idea. 

I will check this and see how it goes. 

Thanks

 


Yes, it will include the plain text preshared key. I just tested.

I tested my tftp file

copy running-config tftp://192.168.185.68

tunnel-group 6.6.6.6 type ipsec-l2l
tunnel-group 6.6.6.6 ipsec-attributes
ikev2 remote-authentication pre-shared-key cisco123
ikev2 local-authentication pre-shared-key cisco123

Please do not forget to rate.
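Because a TFTP export like the one in this thread leaves every tunnel's pre-shared key readable in the saved file, the following added example (not code from any poster in this thread) inventories the key lines in an exported context config and writes a redacted copy that is safe to archive or paste into a forum. The function name `audit_psks`, the placeholder string, and the sample config (documentation addresses, made-up key) are constructed for illustration; the `ikev1 pre-shared-key` line form is not shown in the thread and is included as an assumption about what other contexts may contain.

```python
import re

# "tunnel-group <peer> ipsec-attributes" opens the block that holds the keys.
GROUP_RE = re.compile(r"^\s*tunnel-group (\S+) ipsec-attributes\s*$")
# Key lines as posted in the thread (IKEv2 local/remote) plus the IKEv1 form.
# The key is captured to end of line so nothing after the keyword leaks.
PSK_RE = re.compile(
    r"^(\s*(ikev1|ikev2 (?:remote|local)-authentication) pre-shared-key )(.+?)\s*$"
)


def audit_psks(config_text, placeholder="<REDACTED>"):
    """Return (redacted_text, findings) for an exported ASA context config.

    findings is a list of (tunnel_group, key_kind, status); status is
    'cleartext' or 'masked' (the ***** form that show running-config prints).
    """
    findings, redacted, group = [], [], "(no tunnel-group seen)"
    for line in config_text.splitlines():
        g = GROUP_RE.match(line)
        if g:
            group = g.group(1)
        m = PSK_RE.match(line)
        if m:
            prefix, kind, key = m.groups()
            masked = set(key) == {"*"}
            findings.append((group, kind, "masked" if masked else "cleartext"))
            if not masked:
                line = prefix + placeholder  # drop the secret, keep the command
        redacted.append(line)
    return "\n".join(redacted), findings


# Constructed sample; indentation follows a real export, but unindented
# lines (as pasted in the thread) are matched as well.
SAMPLE = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key ExampleKey-A
 ikev2 local-authentication pre-shared-key ExampleKey-A
tunnel-group 192.0.2.20 type ipsec-l2l
tunnel-group 192.0.2.20 ipsec-attributes
 ikev1 pre-shared-key *****
"""

if __name__ == "__main__":
    text, found = audit_psks(SAMPLE)
    for grp, kind, status in found:
        print(f"{grp:15} {kind:30} {status}")
    print(text)
```

Only tunnel-group pre-shared keys are handled; other secrets in an exported config are left untouched, so the redacted copy still needs a manual check before it is shared.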

Hi, 

Thanks for confirming. My next step is to upgrade the version. 

My ASA is ASA5545 and running Version 9.4(3). But this is affected by the following bug.

Bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw95262/

 

I want to upgrade to version ASA 9.6(3.1)

But I can't find the upgrade pack in the following URL.

Can someone please help me in downloading ASA 9.6(3.1). I can only see Release 9.6.3 (which I don't want to use)

So please let me know where I can download Release 9.6.(3.1) 

https://software.cisco.com/download/home/284143130/type/280775065/release/9.6.3

 

Hi,

 

Take a closer look, you're in a hurry and missing the obvious. Release 9.6.3(1) is the only one available for 9.6.3; even though the left tab says 9.6.3, the image is for 9.6.3(1). Cisco always leaves only the stable version for old IOS'es.

 

Regards,

Cristian Matei.

Hi Cristian,

 

Thank you for your advice. 

This is my first time on an ASA, hence the amateur mistakes. 

 

Can you please look into the following discussion I have just posted. I have run into another problem. 

 

https://community.cisco.com/t5/network-security/upgrade-asa5545-firmware-version-9-4-3-to-asa-version-9-6-3-1/m-p/4036257#M1067023

 

 

Thanks

 
