How to Configure a Preshared Key on a VPN Client. In Control Panel, double-click Network Connections. Under the Virtual Private Network section, right-click the connection for which you want to use a preshared key, and then click Properties. Click the Security tab. Click IPSec Settings. IPsec Pre-Shared Key Generator PSK Generator provides a secure process to negotiate a 64-byte IPsec Pre-Shared Key (also known as a Shared Secret or PSK) through insecure means, such as email. Note: This page uses client side javascript.
Networks TrainingOne of the ways to configure authentication between two Cisco ASA firewalls having a site-to-site IPSec VPN tunnel between them is to configure a pre-shared key under the tunnel group attributes. This is actually the most common implementation of IPSEC lan-to-lan authentication that you will find in most real life networks.
The pre-shared key must be the same on both IPSEC VPN devices between which the secure tunnel is created. To configure the pre-shared key on a Cisco ASA:
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key key123
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key key123
Now, after configuring the pre-shared key, it is stored as encrypted hash on the ASA appliance and therefore when you view the running configuration (show run) you don’t see the actual clear text key anymore (i.e instead of “key123” you will see “*”).
Ciscoasa# show run
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key *
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key *
The problem arises when you forget the pre-shared key after a few months and you want to change one of the VPN tunnels. This situation happened to me recently when I had to change the public IP address on one of the ASA sites which had a Lan-to-Lan tunnel with a second ASA. Therefore I had to reconfigure the tunnel group and re-enter the old pre-shared key. However, I did not have it stored in clear text anywhere. The way to recover the pre-shared key is actually simple. Use the more system:running-config command. This command shows the pre-shared key in clear text format:
![Pre Pre](/uploads/1/2/6/0/126071700/402781388.jpg)
Ipsec Vpn Pre Shared Key Generator Download
Ciscoasa# more system:running-config
…..
…..
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key key123
…..
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key key123
Related Posts
- Password Recovery for the Cisco ASA 5500 Firewall (5505,5510,5520 etc)
- Cisco ASA 5505, 5510 Base Vs Security Plus License Explained
- Cisco ASA 5500-X Firewall Security Levels Explained
- How to Block HTTP DDoS Attack with Cisco ASA Firewall
- How to Block Access to Websites with a Cisco ASA Firewall (with FQDN)