cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
10
Helpful
5
Replies
Highlighted
Beginner

ASA Startup Configuration Encrypted Text

I am looking for some guidance and/or explanation on how the running config and startup config treat encrypted text on an ASA5505.  I have noticed that if you issue a show running config, under aaa-server RADIUS config the key statement has ***** however if you issue a show startup config, under the aaa-server RADIUS config the same key statement is clear text. 

Is the just the behavior of how the running config and startup config are handled in an ASA?  Is there a way to change this behavior?

 

Thanks.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Collaborator

Re: ASA Startup Configuration Encrypted Text

Hi,

 

   On the ASA, the secure keys are not displayed in "show run" or "show start" by design, for security purposes, to prevent shoulder watching attacks on passwords. The way to see the clear-text password is by copying the config file to a remote TFTP/FTP server, or by running the command "more system:running-config".

  If you see the clear-text pass on "show start" it means you need to upgrade.

 

Regards,

Cristian Matei.

View solution in original post

5 REPLIES 5
Highlighted
VIP Engager

Re: ASA Startup Configuration Encrypted Text

run this command

 

more system:running-config

 

this will show your the passwords,

please do not forget to rate.
Highlighted
Beginner

Re: ASA Startup Configuration Encrypted Text

I am not looking for the clear text passwords in the running config but wanted to know why the startup config shows the key in clear text.   

 

Thanks.

Highlighted
Collaborator

Re: ASA Startup Configuration Encrypted Text

Hi,

 

   On the ASA, the secure keys are not displayed in "show run" or "show start" by design, for security purposes, to prevent shoulder watching attacks on passwords. The way to see the clear-text password is by copying the config file to a remote TFTP/FTP server, or by running the command "more system:running-config".

  If you see the clear-text pass on "show start" it means you need to upgrade.

 

Regards,

Cristian Matei.

View solution in original post

Highlighted
Beginner

Re: ASA Startup Configuration Encrypted Text

Looks like it is related to version. We are running some older code on these ASAs. The ASAs with 9.1(2) display clear text RADIUS key in startup config but the ASAs with 9.1(7) do not display clear text RADIUS key in startup config. We will be replacing these aging ASAs soon.

I appreciate the feedback !
Highlighted
Collaborator

Re: ASA Startup Configuration Encrypted Text

Hi,

 

   If you get this different behaviour between 9.1(2) and (.1(7), this is most likely a bug, not a version issue.

 

Regards,

Cristian Matei.