Cisco ASA Pre-shared Key Recovery

If you are responsible for any device running Cisco ASA OS and make use of pre-shared-keys with VPN tunnels, there will come a time when you will need access to those VPN keys.

There are two ways to get the pre-shared keys from the running-config. First, the local version:

asa# more system:running-config
...

This will output the running-config with the pre-shared-keys in plain text.

The second method, and the one that should be set up in most cases, is to recover the pre-shared key from a TFTP backup of the Cisco ASA configuration. Check the running-config for something similar to the following:

asa#archive
asa(config-archive)#path tftp://192.168.1.2/$h
asa(config-archive)#exit

The backup configs on the auto archive TFTP server will be in plain text.
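
Because those backups hold the keys in plain text, it is worth knowing exactly which archived files and tunnel-groups expose them. The following is an added example, not part of the original post: a Python check that reports which tunnel-groups in a config backup carry unmasked pre-shared keys, without ever printing the key. The sample config and function names are constructed, and treating an all-asterisk value as masked is an assumption based on how `show running-config` displays keys.

```python
import re

# Constructed sample of an ASA config backup (illustrative, not from the post).
SAMPLE_BACKUP = """\
hostname asa
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key EXAMPLE-KEY-NOT-REAL
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 192.0.2.44 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key EXAMPLE-KEY-2
"""

# Start of a tunnel-group sub-mode block that can hold a PSK.
GROUP_RE = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
# Legacy, IKEv1 and IKEv2 (local/remote) pre-shared-key lines.
PSK_RE = re.compile(
    r"^\s+(?:ikev[12]\s+)?(?:(?:remote|local)-authentication\s+)?"
    r"pre-shared-key\s+(\S+)"
)

def audit_config(text):
    """Return [(line_no, tunnel_group, exposed)] per PSK line; the key is never returned."""
    findings, group = [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            continue
        if line and not line[0].isspace():
            group = None  # an unindented line ends the sub-mode block
            continue
        m = PSK_RE.match(line)
        if m and group:
            # Assumption: a value made only of '*' is the masked display form.
            findings.append((n, group, set(m.group(1)) != {"*"}))
    return findings

def exposed_groups(text):
    """Sorted tunnel-group names with at least one unmasked key."""
    return sorted({g for _, g, exposed in audit_config(text) if exposed})

if __name__ == "__main__":
    for n, g, exposed in audit_config(SAMPLE_BACKUP):
        print(f"line {n}: tunnel-group {g}: {'UNMASKED KEY' if exposed else 'masked'}")
```

Run it over each file on the archive server to decide which backups need restricted permissions or encrypted storage.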
