[c-nsp] Retrieving *'d secrets in PIX6.3(5)

Ryan West rwest at zyedge.com
Wed Aug 18 16:27:02 EDT 2010


Jason

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Jason Lixfeld
> Sent: Wednesday, August 18, 2010 4:04 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Retrieving *'d secrets in PIX6.3(5)
> 
> In current PIX/ASA OS 7+, one is able to look at things like *'d out
> ipsec/isakmp secrets using 'more system:running-configuration' which makes
> it easy to move the config over to a new box or something.  Is there a way to
> do the same thing with PIX6?  6.3(5) more specifically?  I'm looking to
> upgrade a couple of PIX firewalls to proper ASAs and would like to avoid
> having to reconfigure every IPSec client (dynamic and static) that terminates
> on this box currently.
> 

Dump it to a TFTP server using write net.  You'll have all your passwords then.

-ryan



More information about the cisco-nsp mailing list