April 17, 2015

The Cisco ASA is a very popular firewall, and it has also been Cisco’s flagship VPN concentrator since the VPN 3000 Concentrator was discontinued a few years ago.

Many admins may know this problem. The ASA was inherited from the previous engineer(s) and nothing has been documented, the usual. Now the company wants to migrate the ASA to a newer model and the question arises: who has the PSK (pre-shared key) for the VPN? The “show run” output will show *** in place of the key, which is not any good 🙂

There is an easy way of recovering the key. Good for Admins!! Bad for Security!! A lot of Cisco Admins believe that the PSKs are not recoverable on the ASA or PIX – wrong. They can be easily recovered:

show run

tunnel-group MARTIN ipsec-attributes
ikev1 pre-shared-key *****

more system:running-config

tunnel-group MARTIN ipsec-attributes
ikev1 pre-shared-key cisco
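An added example, not part of the original post: because `more system:running-config` prints the keys in clear text, any dump taken with it for the migration should be sanitized before it ends up in a ticket or wiki. This Python script masks the keys and reports which tunnel groups held a readable one; the `redact_psks` name, the sample dump, and the bare and ikev2 key forms (which go beyond the ikev1 line shown above) are assumptions.

```python
import re

# Key-bearing lines inside "tunnel-group <name> ipsec-attributes".
# "ikev1 pre-shared-key" is the form shown in the post; the bare and ikev2
# forms are assumed here to cover other ASA/PIX software versions.
KEY_LINE = re.compile(
    r"^(?P<lead>\s*(?:ikev1 |ikev2 (?:local|remote)-authentication )?"
    r"pre-shared-key )(?P<key>.+?)\s*$"
)
GROUP_LINE = re.compile(r"^tunnel-group (?P<name>\S+) ipsec-attributes\s*$")

# Constructed sample dump; "asa-lab" and BRANCH are made-up names.
SAMPLE = """\
tunnel-group MARTIN ipsec-attributes
 ikev1 pre-shared-key cisco
tunnel-group BRANCH ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
hostname asa-lab
"""


def redact_psks(config_text, mask="<REDACTED>"):
    """Return (sanitized_text, findings) for an ASA configuration dump.

    findings holds one (tunnel_group, keyword, was_cleartext) tuple per key.
    """
    out, findings, group = [], [], None
    for line in config_text.splitlines():
        key = KEY_LINE.match(line)
        grp = GROUP_LINE.match(line)
        if grp:
            group = grp.group("name")
        elif line and not line[0].isspace() and not key:
            group = None  # any other top-level command ends the block
        if key and group:
            cleartext = set(key.group("key")) != {"*"}
            findings.append((group, key.group("lead").strip(), cleartext))
            if cleartext:
                line = key.group("lead") + mask
        out.append(line)
    return "\n".join(out), findings


if __name__ == "__main__":
    text, found = redact_psks(SAMPLE)
    print(text)
    for name, keyword, cleartext in found:
        print(name, keyword, "CLEARTEXT" if cleartext else "masked")
```

Every tunnel group reported as cleartext had its key exposed to whoever could read that dump, so treat the migration as the moment to rotate those keys.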


