Find Pix VPN password

August 1, 2008

Ok, so an interesting problem I came across today: I needed to confirm what the password for an IPSEC tunnel was on a PIX, without changing it. The dilemma was that it shows as *******, not very useful!?

–snip–
crypto map IPSEC interface outside
isakmp enable outside
isakmp key ******** address 10.11.12.13 netmask 255.255.255.255 no-xauth
isakmp policy 100 authentication pre-share
–snip–

To find the password, do the following:

Set up a TFTP server and create a file to upload the PIX config to. Make sure you have write and access permission to that file, and also confirm that the PIX can reach the TFTP server beforehand.

Then, from the PIX:

Pix 6.35 Syntax

tftp-server [<if_name>] <ip> <directory>
write net [<tftp_ip>]:<filename>

Example:

(config)# tftp-server outside 196.23.0.9 /
(config)# write net 196.1.1.1:myfw
Building configuration…
TFTP write ‘//myfw’ at 196.1.1.1 on interface 0
[OK]

The file containing the config “myfw” should list the password in plain text.

–snip–
crypto map IPSEC interface outside
isakmp enable outside
isakmp key qweRTY!@# address 10.11.12.13 netmask 255.255.255.255 no-xauth
isakmp policy 100 authentication pre-share
–snip–
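
Because the TFTP copy holds the pre-shared key in plain text, the file should be redacted before it is archived or shared. The following Python code is an added example, not part of the original post: it masks cleartext isakmp keys in an exported config and reports which peers were affected, assuming the PIX 6.x isakmp key line format shown above. The names redact_config, ISAKMP_KEY, MASK and SAMPLE are hypothetical, and the sample input is constructed from the excerpt in this post.

```python
import re

# PIX 6.x pre-shared key line, as shown in the config excerpts above:
#   isakmp key <key> address <peer> netmask <mask> [options]
ISAKMP_KEY = re.compile(
    r"^(?P<head>\s*isakmp key )(?P<key>\S+)"
    r"(?P<tail> address (?P<peer>\S+) netmask \S+.*)$"
)
MASK = "********"

# Constructed sample, built from the excerpt in this post.
SAMPLE = """\
crypto map IPSEC interface outside
isakmp enable outside
isakmp key qweRTY!@# address 10.11.12.13 netmask 255.255.255.255 no-xauth
isakmp policy 100 authentication pre-share
"""


def redact_config(text):
    """Mask cleartext isakmp keys; return (redacted_text, findings)."""
    out, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ISAKMP_KEY.match(line)
        # Lines already masked by the PIX (all asterisks) are left alone.
        if m and set(m["key"]) != {"*"}:
            findings.append(
                {"line": lineno, "peer": m["peer"], "key_length": len(m["key"])}
            )
            line = m["head"] + MASK + m["tail"]
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    redacted, findings = redact_config(SAMPLE)
    for f in findings:
        # Report where a key was found without echoing the key itself.
        print("line %(line)d: cleartext key for peer %(peer)s "
              "(%(key_length)d chars)" % f)
    print(redacted, end="")
```

The findings list records only the line number, peer address and key length, so it can be logged without exposing the key.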

One comment

  1. One can also use more:system:running-config command to reveal the password.


