Facing issue after config-key password-encrypt command

mandeepku
Level 1

Hi,

I configured command:

key config-key password-encrypt **********

Router(config)#password encryption aes

to encrypt all other keys in the router configuration with the use of an Advanced Encryption Standard (AES) symmetric cipher.

I specifically do this for encrypting the ISAKMP key in the router configuration.

I am facing a problem whenever the router reboots: after the reboot it is not taking the encrypted key in encrypted form but considering it as plaintext.

Due to this, IPSEC is not working after reboot and is throwing the error message "IKE message from x.x.x.x failed its sanity check or is malformed".

Please let me know the solution to overcome the problem.

I would like to add one more thing: whenever I reboot the router, I need to run the key config-key password-encrypt command to establish phase one of IPSEC.

Thanks in advance.

5 Replies

mandeepku
Level 1

Hi guys,

Does anybody have any clue about the problem?

Please help.

Hi Mandeep,

Please follow the link and let me know if it helps.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_preshare.pdf

Please write the config to mem and test; after reload the keys still remain encrypted.

Thanks and Regards,

ROHAN

Thanks and Regards, ROHAN :)

Thanks, Rohan, for the info shared by you.

I am facing the problem only when the router reboots. Once the router reboots, the ISAKMP keys are shown in encrypted form only in the configuration file, but I have to execute the key config-key password-encrypt ********** command to make the router understand that it is an encrypted password.

Until I run the key config-key command, it will not be able to know that the password stored in the configuration file is encrypted (definitely I am doing wr mem every time).

Note: after the router reboots, when I configure the "key config-key" command, it does not ask for the old key, which means the command becomes null and void after reboot.

The doc shared by you is not providing any help on the existing problem.

Please share some other method to resolve the issue.

Thanks for your reply :)

Hi Mandeep,

I will try to recreate this and will update soon.

When the router reboots, can you share the debug output for the following command:

debug cry isa 255

Thanks

ROHAN

Hi Rohan,

At the time of the problem I get the following error for IPsec:

%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 172.16.6.2
  failed its sanity check or is malformed

Please assist.

Thanks and regards,

mandeep
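
An added example, not part of any post in this thread and not Cisco's code: a small Python audit of a saved configuration that reports whether `password encryption aes` is present and which `crypto isakmp key` lines are stored as type 6 (encrypted) rather than as plaintext. The sample configuration, key strings and peer addresses are constructed; the script cannot check the master key itself, because the value given to `key config-key password-encrypt` is not written to the configuration.

```python
import re

# Constructed sample configuration (not taken from the thread); the key
# strings and peer addresses are made up for illustration.
SAMPLE_CONFIG = """\
hostname Router
password encryption aes
crypto isakmp key 6 EXAMPLEciphertextONLY address 192.0.2.10
crypto isakmp key 0 ExamplePlainKey address 192.0.2.20
crypto isakmp key AnotherPlainKey address 192.0.2.30
"""

# "crypto isakmp key [0|6] <string> address|hostname <peer>"
# An omitted type means the string that follows is an unencrypted key.
ISAKMP_KEY = re.compile(
    r"^crypto isakmp key (?:(?P<type>[06]) )?(?P<secret>\S+) "
    r"(?:address|hostname) (?P<peer>\S+)",
    re.MULTILINE,
)
AES_LINE = re.compile(r"^password encryption aes\s*$", re.MULTILINE)


def audit_config(text):
    """Report AES password encryption and the storage type of each ISAKMP key."""
    type6_peers, plaintext_peers = [], []
    for match in ISAKMP_KEY.finditer(text):
        # Report the peer only; the secret is never echoed.
        if match.group("type") == "6":
            type6_peers.append(match.group("peer"))
        else:
            plaintext_peers.append(match.group("peer"))
    return {
        "aes_enabled": bool(AES_LINE.search(text)),
        "type6_peers": type6_peers,
        "plaintext_peers": plaintext_peers,
    }


if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    print("password encryption aes:", report["aes_enabled"])
    print("type 6 (encrypted) keys for peers:", report["type6_peers"])
    print("plaintext keys for peers:", report["plaintext_peers"])
```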
