
Command to know current Pre-share keys

Status
Not open for further replies.

lashboy

IS-IT--Management
Nov 8, 2005
50
US
I have to change the circuit to a new provider with new IP information. I have configured the router already, so all I want to change is the PIX firewall configuration. Since I'm changing the IP information at the main location, I have to go to the branch offices and change the peer and everything. I don't know the pre-share keys, so I think I'm assigning keys again! (Is there any command with which I can find out the current pre-share keys?)


This is what I'm going to do, so if you think anything is wrong or will cause a problem, please let me know, because the business cannot go down for more than 30 minutes.

router serial interface XX.xx.xx.xx and router ethernet is xx.xx.xx.xx




HUT Location

no ip address outside yy.yy.yy.yy subnet

ip address outside xx.xx.xx.xx SM

no route outside 0.0.0.0 0.0.0.0 yy.yy.yy.yyy

route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx

Because I don't know the keys, I think I am assigning keys again! (Or is there any command with which I can find out the current keys?)


no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>


isakmp key 12345 address <ip address>
isakmp key 12345 address <ip address>
isakmp key 12345 address <ip address>
isakmp key 12345 address <ip address>
isakmp key 12345 address <ip address>
isakmp key 12345 address <ip address>



-------------------++++++++++++++++------------------------------


Branch Office 1


no crypto map AA 25 set peer <ip address>
crypto map AA 25 set peer <ip address> new peer

isakmp key 1234 address <ip address>


Branch2


no crypto map AA 25 set peer <ip address>
crypto map TIX 25 set peer <ip address>
isakmp key 12345 address <ip address>



Branch 3




no crypto map AA 25 set peer <ip address>
crypto map AA 25 set peer <ip address>

isakmp key 12345 address <ip address>

STUDIO CITY

NO crypto map AA 25 set peer <ip address>

crypto map AA 25 set peer <ip address>

isakmp key 12345 address <ip address>



 
I don't know of any command that will show the pre-share key. What I would try is backing it up to a TFTP server, then finding the key in the backup file. I have never really looked at the key in a TFTP file, so I don't know for sure how it will look. If it is clear text, you're good to go; if not, you may be able to Google a Cisco password decrypter and try it in one of those to get the key.
 
I can confirm that if you copy the config to a TFTP server, then the isakmp key is displayed in clear text.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Thanks Chris!!

What about if I assign the keys again with the following commands?

I have 5 peers

no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>
no isakmp key ******** address <ip address>

I would also do the same on the remote side on each PIX firewall using SSH.
Will that cause any problem?
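
Added example, not part of the original thread: a pre-change check for the cutover discussed above, run over config copies saved to TFTP (where, as confirmed in the thread, the keys appear in clear text). It assumes PIX-style `isakmp key` and `crypto map ... set peer` lines as posted; the function names, addresses and keys are constructed for illustration.

```python
import re

KEY_RE = re.compile(r"^isakmp key (\S+) address (\S+)", re.M)
PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (\S+)", re.M)
OUTSIDE_RE = re.compile(r"^ip address outside (\S+)", re.M)

def parse(config):
    """Return (outside IP, {peer IP: key}, set of crypto map peers)."""
    outside = OUTSIDE_RE.search(config)
    keys = {ip: key for key, ip in KEY_RE.findall(config)}
    return (outside.group(1) if outside else None, keys, set(PEER_RE.findall(config)))

def check_cutover(hub_cfg, branch_cfgs):
    """List mismatches that would stop a hub-to-branch tunnel from coming up."""
    hub_ip, hub_keys, _ = parse(hub_cfg)
    problems = []
    for name, cfg in branch_cfgs.items():
        br_ip, br_keys, br_peers = parse(cfg)
        if hub_ip not in br_peers:
            problems.append(f"{name}: crypto map peer is not the new hub address")
        hub_key, br_key = hub_keys.get(br_ip), br_keys.get(hub_ip)
        if hub_key is None or br_key is None:
            problems.append(f"{name}: isakmp key missing on one side")
        elif "********" in (hub_key, br_key):
            problems.append(f"{name}: key is masked, compare the TFTP copies instead")
        elif hub_key != br_key:
            problems.append(f"{name}: pre-shared keys differ")  # key values are never printed
    return problems

# Constructed sample configs: documentation addresses and made-up keys.
HUB = """\
ip address outside 203.0.113.10 255.255.255.0
isakmp key k3y-branch1 address 198.51.100.1 netmask 255.255.255.255
isakmp key k3y-branch2 address 198.51.100.2 netmask 255.255.255.255
"""
BRANCHES = {
    "branch1": """\
ip address outside 198.51.100.1 255.255.255.0
crypto map AA 25 set peer 203.0.113.10
isakmp key k3y-branch1 address 203.0.113.10 netmask 255.255.255.255
""",
    "branch2": """\
ip address outside 198.51.100.2 255.255.255.0
crypto map AA 25 set peer 192.0.2.10
isakmp key other-key address 203.0.113.10 netmask 255.255.255.255
""",
}

if __name__ == "__main__":
    print("\n".join(check_cutover(HUB, BRANCHES)) or "no problems found")
```

Because the saved copies hold the keys in clear text, keep them on a host with restricted access and delete them once the cutover is verified.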

 