IPSec PSK Encryption in Cisco IOS 12.3(2)T

An example configuration for storing encrypted pre-shared keys in IOS 12.3(2)T.

  • This feature allows the encryption of IPSec pre-shared keys in the config.
  • 12.3(2)T Feature

Configuration
A master key has to be configured. This master key, which is stored in the private config of the router and never shown in the running config, is used to decrypt the pre-shared keys:

Router(config)# key config-key password-encrypt Master-Key

The passwords should be encrypted with AES:

Router(config)# password encryption aes

The pre-shared keys are configured:

Router(config)# crypto isakmp key 0 test123 address 10.1.0.1

When showing the running config, the PSK is encrypted (type 6):

Router# show running-config | i crypto isakmp key
crypto isakmp key 6 RHZE[JACMUIbcbTdELISAAB address 10.1.0.1

The pre-shared key is also not shown with "show crypto isakmp key":

Router# show crypto isakmp key
Keyring		Hostname/Address		Preshared Key

default		10.1.0.1			(encrypted)
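
To verify that a saved configuration really contains only type 6 keys, the following audit script can be run over a config export. It is an added example, not part of the original post; the sample config is constructed, and it assumes that a key line without a type digit holds a cleartext key.

```python
import re

# Constructed sample config; only the type 6 line is taken from the output above.
SAMPLE_CONFIG = """\
password encryption aes
crypto isakmp key 6 RHZE[JACMUIbcbTdELISAAB address 10.1.0.1
crypto isakmp key 0 test123 address 10.2.0.1
crypto isakmp key test456 hostname peer.example.net
"""

# Everything between "key" and the peer keyword is "[type] keystring".
KEY_LINE = re.compile(
    r"^\s*crypto isakmp key\s+(.+?)\s+(address|hostname)\s+(\S+)"
)


def audit_isakmp_keys(config_text):
    """Return (aes_enabled, findings).

    findings lists (peer, reason) for every pre-shared key that is not
    stored as type 6. The key string itself is never returned.
    """
    aes_enabled = False
    findings = []
    for line in config_text.splitlines():
        if line.strip() == "password encryption aes":
            aes_enabled = True
            continue
        m = KEY_LINE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        peer = m.group(3)
        # A leading 0 or 6 is a type marker only when a key string follows;
        # a single token is the key itself (e.g. a key that is literally "6").
        key_type = tokens[0] if len(tokens) == 2 and tokens[0] in ("0", "6") else None
        if key_type != "6":
            findings.append((peer, "type 0" if key_type == "0" else "untyped"))
    return aes_enabled, findings


if __name__ == "__main__":
    aes, problems = audit_isakmp_keys(SAMPLE_CONFIG)
    print("password encryption aes:", "present" if aes else "MISSING")
    for peer, reason in problems:
        print(f"cleartext PSK ({reason}) for peer {peer}")
```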
