Recover Lost Pre-Shared Keys

Posted on in Networking

cover image for article

Not everyone has a great password maintenance process. If you run into a situation where the group pre-shared keys for your VPN are lost, you face the option of changing the existing key (and breaking any users that are currently working), or creating a new group with a new key.

On a Cisco ASA, looking through the configuration doesn't reveal the group pre-shared key:

FIREWALL# show running-config
<snip>
tunnel-group CORPORATE ipsec-attributes
 pre-shared-key *

All is not lost!

The trick to recovering the group pre-shared key is to view the configuration with more system:running-config.

FIREWALL# more system:running-config
<snip>
tunnel-group CORPORATE ipsec-attributes
 pre-shared-key coshtyivfi

Slaptijack's Koding Kraken