Re: VPN Passwords lost using Resource Manager

7dallen · ‎07-22-2004

Hello,

I am using Cisco works resource manager to keep track of Firewall configurations as well as other devices. Everything is working great except during a configuration restore, the passwords for preshared Ike VPNs is corrupt. I believe they are being read as asteriks, and I have to manually re enter the keys.

I maintain a host of different versions of Pix firewalls 520's, 525's, 515's etc.. all using firewall OS 6.1 thru 6.3. and they all have the same problem.

I am using Cisco Works 2.2 with resource manager version 3.5, and management center 1.1 for firewalls.

I searched on the website for any caveats for the RM versions, and I was not successful in solving my question. Is there a service patch release that addresses this problem? Or how can I configure RM to read the passwords in the firewall configuration.

Thanks in advance.

nkhawaja · ‎07-26-2004

Hi,

I dont think passwords can be read via RM or any tool like PIXMC etc. It usually is one way md5 hash. It ain't easy to break. you have to manually enter the passwords in the RM or any other MC.

7dallen · ‎07-27-2004

I was hoping it would be a some kind of PIX statement(possibly undocumented), or a patch/configuration option for RM.

This does put a wrench into what I believe resource manager should be doing, configuration inventory and disaster recovery.

In the area for Disaster recovery, the problem is we have a customer base that may elect to not give passwords to certain VPN devices. We could have them keep a text document with the config lines to paste into the firewall, but that should be a function RM is expected to do.

Thanks for the inputs,

>reluctantly clicking notepad