an example-configuration for the storage of encrypted pre-shared-keys in IOS 12.3(2)T.
- This feature allows the encryption of IPSec pre-shared-keys in the config.
- 12.3(2)T Feature
A Master-key has to be configured. This Master-key, which is stored in the private config of the router and never shown in the running config, is used to decrypt the preshared keys:
Router (config)# key config-key password-encryption Master-Key
the passwords should be encrypted with aes:
Router (config)# password encryption aes
the pre-shared keys are configured:
Router (config)# crypto isakmp key 0 test123 address 10.1.0.1
when showing the running-config, the psk is encrypted (type 6):
Router# show running-config | i crypto isakmp key crypto isakmp key 6 RHZE[JACMUIbcbTdELISAAB address 10.1.0.1
the pre-shared-key is also not shown with „show crypto isakmp key“:
Router# show crypto isakmp key Keyring Hostname/Address Preshared Key default 10.1.0.1 (encrypted)