Limitation of current IOS on routers. PIX 5.3 and higher addressed this
problem. Hopefully a future release of IOS will do the same.
Sam
----- Original Message -----
From: Aaron E. Earle
To: cciesecurity@xxxxxxxxxxxxxxx ; security@xxxxxxxxxxxxxx
Sent: Friday, November 29, 2002 6:31 PM
Subject: [cciesecurity] FW: Seeing keys in config
I have a symmetric "PRE-Shared Key" VPN running on Cisco routers and I have
a question.
When you do a show running-config on IPSec routers the keys are in clear
text. Does anyone know if there is a way to hash this so in the event of
management, change control, or troubleshooting no one is able to see the key?
I have enabled all commands to encrypt the console, Telnet, and Enable
passwords but this does not affect the IPSec key?
To my knowledge this is not possible with a Cisco device?
I have used and set up many VPNs and Cisco is the only vendor I have seen
not hashing or somehow blocking their keys from being viewed.
Aaron E. Earle
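
Added example, not part of the original thread or any Cisco tooling: where the router itself cannot hide the key, a saved `show running-config` capture can be scrubbed before it is attached to a change-control or troubleshooting ticket. The `crypto isakmp key` line syntax (including the optional 0/6 encryption-type digit) is assumed here rather than taken from the thread, and the sample config is constructed.

```python
import re

# Constructed sample of `show running-config` output; keys and peers are made up.
SAMPLE_CONFIG = """\
hostname branch-rtr
enable secret 5 <constructed-hash>
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key Ex4mpleSharedKey address 192.0.2.1
crypto isakmp key 0 An0therKey address 198.51.100.7 255.255.255.255
crypto isakmp key 6 CONSTRUCTEDBLOB hostname peer.example.net
"""

# Assumed form: crypto isakmp key [0|6] <key> {address|hostname} <peer...>
PSK_LINE = re.compile(
    r"^(?P<head>\s*crypto isakmp key )"
    r"(?:(?P<type>[06]) )?"           # optional encryption-type digit
    r"(?P<key>\S+)"                   # the pre-shared key itself
    r"(?P<tail> (?:address|hostname) .*)$"
)


def redact_psk(config):
    """Return (redacted_config, findings).

    findings is a list of (line_number, peer_clause, stored_in_cleartext)
    so the reviewer still sees which peers have keys without seeing them.
    """
    out, findings = [], []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = PSK_LINE.match(line)
        if m is None:
            out.append(line)          # leave every other line untouched
            continue
        # Anything not marked type 6 is treated as a cleartext key.
        cleartext = m.group("type") != "6"
        findings.append((lineno, m.group("tail").strip(), cleartext))
        out.append(f"{m.group('head')}<redacted>{m.group('tail')}")
    return "\n".join(out), findings


if __name__ == "__main__":
    redacted, findings = redact_psk(SAMPLE_CONFIG)
    print(redacted)
    for lineno, peer, cleartext in findings:
        state = "CLEARTEXT" if cleartext else "encrypted"
        print(f"line {lineno}: key for '{peer}' is {state}")
```

The findings list doubles as an audit: any entry flagged as cleartext marks a key that anyone with read access to the original capture could have seen.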