IPSec PSK Encryption in Cisco IOS 12.3(2)T

An example configuration for storing encrypted pre-shared keys in IOS 12.3(2)T.

  • This feature allows the encryption of IPSec pre-shared keys in the config.
  • 12.3(2)T Feature

A master key has to be configured. This master key, which is stored in the private config of the router and never shown in the running config, is used to decrypt the pre-shared keys:

Router(config)# key config-key password-encrypt Master-Key

The passwords should be encrypted with AES:

Router(config)# password encryption aes

The pre-shared keys are configured:

Router(config)# crypto isakmp key 0 test123 address

When showing the running config, the PSK is encrypted (type 6):

Router# show running-config | i crypto isakmp key
crypto isakmp key 6 RHZE[JACMUIbcbTdELISAAB address

The pre-shared key is also not shown with "show crypto isakmp key":

Router# show crypto isakmp key
Keyring		Hostname/Address		Preshared Key

default			(encrypted)
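
Added example, not part of the original post: a small Python check that reads a saved running-config and reports ISAKMP pre-shared keys that are not stored as type 6, plus whether "password encryption aes" is present. The function name, the sample config and the treatment of lines without a type digit as cleartext are assumptions of this example.

```python
import re

# "crypto isakmp key [0|6] <key> address|hostname <peer>"; a line without a
# type digit is treated as type 0 (cleartext) -- an assumption of this example.
PSK_RE = re.compile(
    r"crypto isakmp key (?:(?P<type>[06])\s+)?(?P<key>\S+)\s+"
    r"(?:address|hostname)\s+(?P<peer>\S+)")

# Constructed sample config; addresses are documentation ranges and the
# type 6 string is a placeholder, not real ciphertext.
SAMPLE_CONFIG = """\
hostname Router
password encryption aes
crypto isakmp key 6 CONSTRUCTED-TYPE6-VALUE address 192.0.2.1
crypto isakmp key test123 address 198.51.100.7
crypto isakmp key 0 test123 hostname peer.example.net
"""

def audit_psk_storage(config_text):
    """Return (aes_enabled, findings) for a saved running-config.

    findings lists (line_number, peer) for every ISAKMP pre-shared key that
    is not stored as type 6. The key itself is never copied into the result.
    """
    aes_enabled = False
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "password encryption aes":
            aes_enabled = True
            continue
        m = PSK_RE.match(line)
        if m and (m.group("type") or "0") != "6":
            findings.append((lineno, m.group("peer")))
    return aes_enabled, findings

if __name__ == "__main__":
    aes, weak = audit_psk_storage(SAMPLE_CONFIG)
    print("password encryption aes:", "present" if aes else "MISSING")
    for lineno, peer in weak:
        print(f"line {lineno}: pre-shared key for {peer} is stored in cleartext")
```

Run it against config backups rather than live devices; the report deliberately contains only line numbers and peers, so it can be shared without exposing a key.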
