{"id":43,"date":"2005-11-24T18:58:53","date_gmt":"2005-11-24T17:58:53","guid":{"rendered":"http:\/\/security-planet.de\/?p=31"},"modified":"2005-11-24T18:58:53","modified_gmt":"2005-11-24T17:58:53","slug":"ipsec-psk-encryption","status":"publish","type":"post","link":"https:\/\/cyber-fi.net\/index.php\/2005\/11\/24\/ipsec-psk-encryption\/","title":{"rendered":"IPSec PSK Encryption in Cisco IOS 12.3(2)T"},"content":{"rendered":"<p>An example configuration for storing encrypted pre-shared keys in IOS 12.3(2)T.<!--more--><\/p>\n<ul>\n<li>This feature allows IPSec pre-shared keys to be encrypted in the config.<\/li>\n<li>IOS 12.3(2)T feature<\/li>\n<\/ul>\n<p><strong>Configuration<\/strong><br \/>\nA master key has to be configured. This master key, which is stored in the private config of the router and never shown in the running config, is used to decrypt the pre-shared keys:<\/p>\n<pre class=\"code\"><code>\nRouter(config)# key config-key password-encryption <em>Master-Key<\/em>\n<\/code><\/pre>\n<p>The passwords should be encrypted with AES:<\/p>\n<pre class=\"code\"><code>\nRouter(config)# password encryption aes\n<\/code><\/pre>\n<p>The pre-shared keys are configured:<\/p>\n<pre class=\"code\"><code>\nRouter(config)# crypto isakmp key 0 test123 address 10.1.0.1\n<\/code><\/pre>\n<p>When showing the running-config, the PSK is encrypted (type 6):<\/p>\n<pre class=\"code\"><code>\nRouter# show running-config | i crypto isakmp key\ncrypto isakmp key 6 RHZE[JACMUIbcbTdELISAAB address 10.1.0.1\n<\/code><\/pre>\n<p>The pre-shared key is also not shown with \u201cshow crypto isakmp key\u201d:<\/p>\n<pre class=\"code\"><code>\nRouter# show crypto isakmp key\nKeyring\t\tHostname\/Address\t\tPreshared Key\n\ndefault\t\t10.1.0.1\t\t\t(encrypted)\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>An example configuration for storing encrypted pre-shared keys in IOS 12.3(2)T.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"twitterCardType":"","cardImageID":0,"cardImage":"","cardTitle":"","cardDesc":"","cardImageAlt":"","cardPlayer":"","cardPlayerWidth":0,"cardPlayerHeight":0,"cardPlayerStream":"","cardPlayerCodec":"","footnotes":""},"categories":[5,7],"tags":[307,317,358],"class_list":["post-43","post","type-post","status-publish","format-standard","hentry","category-cisco","category-cisco-security","tag-ios","tag-ipsec","tag-konfiguration"],"_links":{"self":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/43","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/comments?post=43"}],"version-history":[{"count":0,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/43\/revisions"}],"wp:attachment":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/media?parent=43"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/categories?post=43"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/tags?post=43"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}