09-06-2010 01:27 PM - edited 03-06-2019 12:51 PM
Hello Expert,
I am using DMVPN to configure my tunnel between the hub and spokes.
I discovered my pre-share keys are shown in clear text when I do the sh run config command.
How can I correct this?
crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx address pp.pp.pp.11
(Note: I just edited the key for the purpose of this post.)
Regards
Jomo
09-07-2010 01:42 PM
Hello Jomo,
What IOS image is running on the hub?
You can try to use:
conf t
service password-encryption
Warning: this will encrypt all passwords in the configuration.
Check the syntax, as I couldn't verify it.
Hope to help
Giuseppe
09-06-2010 01:52 PM
Jomo
See this document to answer your query -
Encrypt pre-shared keys in IOS
Jon
09-07-2010 09:58 AM
Hello Jon,
I read the document as per the link and I am able to encrypt the pre-share key on the spoke but not on the hub.
When I add a new pre-share key for any spoke endpoint, it is shown in clear text.
A quick outline: I have a hub router connected to around 7 spokes.
I am using DMVPN to configure the VPN tunnels.
As part of the IKE policy I am adding a unique pre-share key per spoke, as opposed to a single pre-share key for all.
I found that only when I configure the 0.0.0.0 network am I able to get the encryption, as shown below:
IKE PRE-SHARE KEY CONFIGURATION ON THE HUB
-------------------------------------------------------------------------------------------------
crypto isakmp key thisatestkeyconfigurationnumber2 address ppp.xxx.rrr.2
crypto isakmp key thisatestkeyconfigurationnumber1 address eee.sss.www.17
crypto isakmp key #Zjq>eaRc2[KAsgj:`U7oBP\+o.qiZ-@ address 0.0.0.0 0.0.0.0
I am unsure how to move forward.
Regards
09-08-2010 07:16 AM
Hello Giustar,
VERSION
This is the show version output of the router: show version
!----------------------------------------------------------------------------
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 28-Nov-07 21:10 by stshen
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
uptime is 7 weeks, 3 days, 15 hours, 6 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advsecurityk9-mz.124-3i.bin"
>>>> you can try to use
>>>> conf t
>>>> service password-encryption
This command is already on the router; see the subset of my running configuration below:
router07#sh run
Building configuration...
Current configuration : 6769 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
Regards
Jomo
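An added example, not part of the thread or of Cisco's documentation: a Python check that reads a saved running-config and reports which `crypto isakmp key` peers still have a key stored as typed, and whether `password encryption aes` is present. It assumes IOS marks an encrypted key with the type digit `6` after `key`; the sample configuration and the name `audit_isakmp_keys` are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
service password-encryption
password encryption aes
!
crypto isakmp key 6 EXAMPLEONLYCIPHERTEXT address 192.0.2.17
crypto isakmp key constructedcleartextkey address 192.0.2.2
crypto isakmp key 0 anotherconstructedkey hostname spoke3.example.net
"""

# Assumption: an encrypted key carries the type digit 6 after "key";
# no digit, or 0, means the key is stored as typed.
KEY_RE = re.compile(
    r"^crypto isakmp key (?:(?P<type>[06]) )?(?P<key>\S+) "
    r"(?P<kind>address|hostname) (?P<peer>\S+)"
)


def audit_isakmp_keys(config: str) -> dict:
    """Classify ISAKMP pre-shared keys without ever echoing key material."""
    lines = [line.strip() for line in config.splitlines()]
    report = {
        # Exact-line match, so "no password encryption aes" does not count.
        "aes_enabled": "password encryption aes" in lines,
        "cleartext_peers": [],
        "encrypted_peers": [],
    }
    for line in lines:
        m = KEY_RE.match(line)
        if not m:
            continue
        bucket = "encrypted_peers" if m["type"] == "6" else "cleartext_peers"
        report[bucket].append(m["peer"])
    return report


if __name__ == "__main__":
    result = audit_isakmp_keys(SAMPLE_CONFIG)
    state = "present" if result["aes_enabled"] else "missing"
    print("password encryption aes:", state)
    for peer in result["cleartext_peers"]:
        print("cleartext pre-shared key for peer", peer)
    for peer in result["encrypted_peers"]:
        print("type 6 key for peer", peer)
```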