Many years after the original post but 'service password-encryption' will not hide the isakmp key.Instead, it can be encrypted using a device defined AES key as outlined here: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-...

If it helps anyone else, I was trying to break the boot loop via remote console which didn't work even using PuTTY's Special Command > Break. Connecting locally to the device via console cable allowed the boot loop to be broken straight away. This th...

Hi Michael, Did you have any luck breaking your boot loop? I've tried ctrl+break at all points but no luck... Regards,Carl

Even later to the party...despite having the above configuration in place, I don't see a log message in my logging buffer or sent to syslog when the configuration is saved (write memory) on some devices. I expect to see this: %SYS-6-PRIVCFG_ENCRYPT_S...

Hi Trent, Thanks for coming back to me. So was the resulting behaviour that all sessions were forwarded from the LAC to a separate LNS or were you using the LAC to terminate some sessions (and act as an LNS) but forward others? Perhaps I have misund...