Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
377
Views
0
Helpful
1
Replies

Is possible to encrypt the key of vpn

emily
Level 1
Level 1

‎12-21-2006 07:52 AM

When i show run , I can saw that my setting vpn key as clear-text(crypto isakmp key cisco address x.x.x.x)on cisco 2800 serires , I want to know any command can change the key as encrypt?

I know PIX firewall can be change the key automatic to encrypt (isakmp key ******** address x.x.x.x) , all of another cisco router can do same as pix

Labels:
0 Helpful
1 Reply 1

ajagadee
Cisco Employee
Cisco Employee

‎12-21-2006 10:04 AM

Emily,

Please refer the below URL for the ISAKMP key encryption

http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configurat

ion_example09186a00801f2336.shtml

Basically you have to enter two commands

key config-key password-encryption [master key]

password encryption aes

The master key is not stored in the router configuration and cannot be

seen or obtained in any way while connected to the router. After these

commands, the password will be encrypted. Please note, that you don't

have to enter the password with the option "6", but with "0".

So if you configure a pre-shared key, you may enter the following:

crypto isakmp key 0 apple address 1.1.1.1

and the show running configuration line would look like

crypto isakmp key xxx address 1.x.x.1

The option "6" says, it will be the encrypted password afterwards, not to encrypt the password.

I hope it helps. Please refer the below URL for additional details

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5207/products_fea

ture_guide09186a00801a7a7a.html

Regards,

Arul

** Please rate all helpful posts **

0 Helpful
Customers Also Viewed These Support Documents