Solved: IPSEC Crypto Key not encrypted in running-config

CiscoBrownBelt · ‎04-21-2020

I use the 6 parameter in the following however key still shows in running-config on a ISR800 router. How do I make it appear encrypted format in running-config:

crypto isakmp key 6 TESTJ=KEY address 1234

Rob Ingram · ‎04-21-2020

Hi,

Define the pre-shared key in cleartext without the "6" e.g. "crypto isakmp key TESTJ=KEY address 1234" once the following commands have been configured:-

key config-key password-encrypt testkey123
password encryption aes

...the pre-shared key will then appear as encrypted in the running configuration.

Reference here.

HTH

View solution in original post

Rob Ingram · ‎05-05-2020

No, it should not cause any impact if a tunnel is already established.

View solution in original post

Rob Ingram · ‎04-21-2020

Hi,

Define the pre-shared key in cleartext without the "6" e.g. "crypto isakmp key TESTJ=KEY address 1234" once the following commands have been configured:-

key config-key password-encrypt testkey123
password encryption aes

...the pre-shared key will then appear as encrypted in the running configuration.

Reference here.

HTH

CiscoBrownBelt · ‎04-21-2020

Awesome thanks again!

CiscoBrownBelt · ‎05-05-2020

Entering this command for a tunnel that is currently up should not break it correct as it only applies to how the password is shown in the run or start config correct?

Rob Ingram · ‎05-05-2020

No, it should not cause any impact if a tunnel is already established.

CiscoBrownBelt · ‎05-05-2020

Thanks!

CiscoBrownBelt · ‎05-06-2020

Looks like I had to make sure the "6" was still not displayed in running config for this to work.