Recover Lost Pre-Shared Keys

Old Cisco Systems LogoNot everyone has a great password maintenance process. If you run into a situation where the group pre-shared keys for your <acronym title="Virtual Private Network">VPN</acronym> are lost, you face the option of changing the existing key (and breaking any users that are currently working), or creating a new group with a new key.


On a Cisco ASA, looking through the configuration doesn't reveal the group pre-shared key:

FIREWALL# show running-config
tunnel-group CORPORATE ipsec-attributes
 pre-shared-key *

All is not lost!

The trick to recovering the group pre-shared key is to view the configuration with more system:running-config.

FIREWALL# more system:running-config
tunnel-group CORPORATE ipsec-attributes
 pre-shared-key coshtyivfi

My Bookshelf

Reading Now

Other Stuff