[c-nsp] Retrieving *'d secrets in PIX6.3(5)
Peter Rathlev
peter at rathlev.dk
Wed Aug 18 16:29:16 EDT 2010
On Wed, 2010-08-18 at 16:03 -0400, Jason Lixfeld wrote:
> In current PIX/ASA OS 7+, one is able to look at things like *'d out
> ipsec/isakmp secrets using 'more system:running-configuration' which
> makes it easy to move the config over to a new box or something. Is
> there a way to do the same thing with PIX6? 6.3(5) more specifically?
> I'm looking to upgrade a couple of PIX firewalls to proper ASAs and
> would like to avoid having to reconfigure every IPSec client (dynamic
> and static) that terminates on this box currently.
You can copy the configuration to a TFTP server. The result contains the
keys' real values.
--
Peter
More information about the cisco-nsp
mailing list