AnyConnect and Pre-Shared Keys

Similar Messages

• Mobile Devices (Android and iOS) cannot Connect to WS 2008 RRAS L2TP VPN with Pre-Shared Key

  I have my Windows Server 2008 standard installed with RRAS service and configure with L2TP VPN with pre-shared key. Services such as Active Directory, DHCP and DNS are not installed. The Internet connection doesn't pass through a router to my server machine.
  I have the Verizon fios Internet cable plugged in to the server machine directly.
  PCs running Windows and Mac OS X can connect to the server without problem. When I tried to connect by using android or iOS mobiles and tablets, they cannot connect to the server. If I change the VPN type to PPTP, the mobile devices can connect successfully
  but I would like to use IPSec/L2TP since it's more secure.
  I tried so hard to look for the solution for this issue on Internet but I had no luck on that. Can anyone please provide me some help, please ?
  Thanks,
  CK

  Hi CK,
  I think we may need to create a policy in Network Policies. Please follow the steps below,
  Right click Network Policies, Click New.
  Enter the policy name, click Next.
  Click Add, select the Day and Time Restrictions, click
  Add.
  In the Day and Time Restrictions, choose Permited for
  all, click OK.
  Click Next five times(leave everything default), click
  Finish.
  Move the policy to top and try to connect with your device.
  If issue persists, please make sure that the Connection Requet Policies have been configured properly.
  For detailed information about how to create a network policy, please refer to the link below,
  Configuring NPS network policies
  http://technet.microsoft.com/en-us/library/dd441006.aspx
  Best Regards.
  Steven Lee
  TechNet Community Support

• ASA Iphone, Ipad VPN client pre-shared key (PSK) special characters bug

  I ran into this in a deployment of IPSec clients with apple ipad and iphone native vpn client. Here are details:
  Cisco ASA 8.2.5 OS
  Ipad, running 5.0.1
  Iphone i4S, running OS 5.0.1
  Special characters make your pre-shared key more secure, so i used a password generator app to make one that coincidently included a " (quotation mark). After configuring this PSK on a Ipad, i was unable to connect. I saw nothing in the ASA logs, indicating the Ipad didnt even try to connect.
  The Ipad generated the following error message:
  VPN Connection
  A configuration error occured
  OK Button
  After searching for quite some time, i found this somewhat obscure reference to the bug:
  http://blogs.oreilly.com/iphone/2008/07/strong-passwords-can-hurt.html
  Special thx to this guy!
  So i started to test special characters to see what would work, adding in 1 character at a time. Here is where I stopped:
  pre-shared-key !@#$%^&*()_-+=;:'<>,.
  These characters worked in the PSK. If you are curious, and want to play, have fun. I assume the alphnumerics will work since those are pretty standard.
  As a side note, here are a few more interesting items:
  1) The " (quote mark) does work when you run the real cisco vpn client. This was successful on a Windows 7 laptop with 5.X VPN Client.
  2) The ? (question mark) doesnt work as well, but that is a little easier to figure out because when you configure it on the ASA, context-sensitive help kicks in and knocks you off the config line.
  3) Iphone I4S suffers from the same issue - doesnt like quotes.
  4) Android is probably not affected by this bug, but I tested on an open source TUN driver- enabled adroid - not the bionic.
  Hope that saves someone some time, sometime!
  W

  Thanks for the tip.
  Help stamp out special characters in passwords. Their "strength" is a myth!
  Explained nicely here: http://xkcd.com/936/

• Show clear text pre shared key asa 5500.....

  I have read several of the posts on how to show your pre shared keys in clear text.  I am in the process of converting a 5520 over to a 5525-x and I got to the point where I need the pre-shared keys
  the    more system:running-config     command does NOT show the clear text of the keys nor does access the file via https:// either.
  the 5520 is running Software Version 8.4(2)18
  any thoughts how I can wrestle this info out of the asa as I'm not getting anywhere with what seems to have worked for a few others.
  Thank in advance
  Sincerely
  Paul

  The command  more system:run  should show you those keys.
  Couple things that I have seen
  I have seen it where someone configured pre-shared key by cutting and pasting the key as it is shown when you do a show run, so it was entered as ****. You can check this buy entering a dummy config with a key and then run the more system:run and see if it shows up.
  also check the privilege level of your login and make sure it is 15.
  Mike

• Wlan Pre-shared key

  I have an n97 mini and I'm trying to get access to a wireless open network ( there is no padlock next to the strenght signal) but it is showing 'enter wlan pre-shared key' but if its open why should I enter a password. Help please

  You could try setting up your access point as follows.
  Goto Settings>Connectivity>Settings>Destinations>Add new access point. If it still does not store your passphrase, select the access point you have just set up then goto WLAN security settings>Pre-shared key and enter it here manually.

• "Bad Pre-Shared Key at station ........"

  Hey everyone, Today I tried to connect a dell laptop (inspiron 5000e) to my wireless network, via a Netgear wireless card. I am able to connect to the network, but I am unable to load a webpage. When I go into my airport utility on my mac and look at the error log for the base station the message is "Bad Pre-Shared Key at station ........ " Does this mean anything?

  Are you using WPA2? If you are try getting this Microsoft update: http://www.microsoft.com/downloads/details.aspx?familyid=662BB74D-E7C1-48D6-95EE -1459234F4483&displaylang=en

• ASA Pre shared key

  I am currently using an ASA 5550 version 8.2 anwith ASDM version 6.2.
  I have a ASA 5505 in remote area and cannot connect via VPN.
  My logs say maybe mismatched pre-shared key.
  On my 5550, via the ASDM I used the command more system:running-config and it will not show my pre shared key in plain text, only shows a *.
  Any help would be appreciated.

  Remote asa:
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.200.1.209 255.255.255.240
  interface Vlan2
  nameif outside
  security-level 0
  ip address 172.25.62.226 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  access-list nonat extended permit ip 10.200.1.208 255.255.255.240 10.199.1.0 255                                                                                                 .255.255.0
  access-list nonat extended permit ip 10.200.1.208 255.255.255.240 10.10.144.0 25                                                                                                 5.255.252.0
  access-list VPNL2L extended permit ip 10.200.1.208 255.255.255.240 10.199.1.0 25                                                                                                 5.255.255.0
  access-list VPNL2L extended permit ip 10.200.1.208 255.255.255.240 10.10.144.0 2                                                                                                 55.255.252.0
  access-list 100 extended permit tcp host 89.254.12.35 host 10.200.1.213 eq www
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list nonat
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 172.25.62.225 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set mytrans esp-des esp-md5-hmac
  crypto map mymap 10 match address VPNL2L
  crypto map mymap 10 set peer 65.181.59.210
  crypto map mymap 10 set transform-set mytrans
  crypto map mymap 10 set security-association lifetime seconds 3600
  crypto map mymap interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp nat-traversal  21
  telnet timeout 5
  ssh 10.199.1.0 255.255.255.0 inside
  ssh 10.10.144.0 255.255.252.0 inside
  ssh timeout 5
  console timeout 0
  tunnel-group 65.181.59.210 type ipsec-l2l
  tunnel-group 65.181.59.210 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:65a0d93601b90ccc07830cddd673e13c
  : end
  Local ASA:
  ASA Version 8.2(1)
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 65.181.59.210 255.255.255.240
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 10.199.1.2 255.255.255.0
  interface GigabitEthernet0/2
  nameif insideNOV
  security-level 100
  ip address 10.10.144.47 255.255.252.0
  interface GigabitEthernet0/3
  shutdown
  no nameif
  security-level 100
  no ip address
  interface Management0/0
  shutdown
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  interface GigabitEthernet1/0
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/1
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/3
  shutdown
  no nameif
  no security-level
  no ip address
  ftp mode passive
  clock timezone MST -7
  clock summer-time MDT recurring
  dns server-group DefaultDNS
  domain-name Rignet
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group service WML tcp
  description Remote wits data access
  port-object range 1 65535
  access-list aclin extended permit object-group DM_INLINE_PROTOCOL_9 any host 65.181.59.219
  access-list aclin extended permit object-group DM_INLINE_SERVICE_3 any host 65.181.59.216
  access-list aclin extended permit object-group DM_INLINE_PROTOCOL_6 any host 65.181.59.220
  access-list aclin extended permit object-group DM_INLINE_PROTOCOL_5 host 10.199.1.2 host 65.181.59.210
  access-list aclin extended permit object-group DM_INLINE_SERVICE_1 any host 65.181.59.222
  access-list no-nat remark Local Rules
  access-list no-nat extended permit ip Rignet 255.255.255.0 10.10.144.0 255.255.252.0
  access-list no-nat remark Local Rules
  access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 10.200.1.80 255.255.255.240
  access-list no-nat extended permit ip Rignet 255.255.255.0 ENI 255.255.255.240
  access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 ENI 255.255.255.240
  access-list no-nat extended permit ip Rignet 255.255.255.0 Norway_Office 255.255.255.240
  access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 Norway_Office 255.255.255.240
  access-list no-nat extended permit ip Rignet 255.255.255.0 BobbyVPN 255.255.255.0
  access-list no-nat extended permit ip 10.10.144.0 255.255.252.0 BobbyVPN 255.255.255.0
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in extended permit tcp any any
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended permit tcp interface inside any
  access-list inside_access_in remark Block port 135 for port scanning
  access-list inside_access_in extended deny 135 any any
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
  access-list test extended permit icmp any any echo
  access-list test extended permit icmp any any echo-reply
  access-list InsideNOV_access_in extended permit ip 10.200.0.0 255.255.0.0 10.10.144.0 255.255.252.0
  access-list InsideNOV_access_in extended permit object-group DM_INLINE_SERVICE_7 any any
  access-list InsideNOV_access_in extended permit object-group DM_INLINE_SERVICE_4 Rignet 255.255.255.0 10.10.144.0 255.255.252.0
  access-list InsideNOV_access_in extended permit object-group DM_INLINE_PROTOCOL_12 Norway_Office 255.255.255.240 10.10.144.0 255.255.252.0
  access-list InsideNOV_access_in extended permit object-group DM_INLINE_PROTOCOL_8 BobbyVPN 255.255.255.0 10.10.144.0 255.255.252.0
  access-list inside_acl extended permit object-group DM_INLINE_SERVICE_8 any any
  access-list inside_acl extended permit object-group DM_INLINE_SERVICE_5 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
  access-list inside_acl extended permit object-group DM_INLINE_SERVICE_6 Rignet 255.255.255.0 10.10.144.0 255.255.252.0
  access-list inside_acl extended permit object-group DM_INLINE_PROTOCOL_10 10.200.0.0 255.255.0.0 Rignet 255.255.255.0
  access-list inside_acl extended deny object-group DM_INLINE_PROTOCOL_11 host 192.168.56.1 any
  access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any any
  access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_2 10.10.144.0 255.255.252.0 Rignet 255.255.255.0
  access-list inside_access_in_1 extended permit ip Rignet 255.255.255.0 Rignet 255.255.255.0
  access-list inside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_7 BobbyVPN 255.255.255.0 Rignet 255.255.255.0
  access-list inside_access_in_2 extended permit object-group DM_INLINE_SERVICE_11 Rignet 255.255.255.0 Rignet 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  no logging message 106015
  no logging message 313001
  no logging message 313008
  no logging message 106023
  no logging message 710003
  no logging message 106100
  no logging message 302015
  no logging message 302014
  no logging message 302013
  no logging message 302018
  no logging message 302017
  no logging message 302016
  no logging message 302021
  no logging message 302020
  mtu outside 1500
  mtu inside 1500
  mtu insideNOV 1500
  mtu management 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any insideNOV
  icmp permit any echo-reply insideNOV
  icmp permit any echo insideNOV
  asdm image disk0:/asdm-621.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  global (inside) 2 65.181.57.51 netmask 255.255.255.255
  nat (outside) 1 0.0.0.0 0.0.0.0
  nat (inside) 0 access-list no-nat
  nat (inside) 1 Rignet 255.255.255.0
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) 65.181.59.222 10.199.1.23 netmask 255.255.255.255
  static (inside,outside) 65.181.59.219 10.199.1.27 netmask 255.255.255.255
  static (inside,outside) 65.181.59.216 10.199.1.54 netmask 255.255.255.255
  static (inside,outside) 65.181.59.220 10.199.1.26 netmask 255.255.255.255
  access-group aclin in interface outside
  access-group inside_access_in_1 in interface inside
  access-group InsideNOV_access_in in interface insideNOV
  route outside 0.0.0.0 0.0.0.0 65.181.59.209 1
  route inside 153.15.156.217 255.255.255.255 65.181.57.51 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication http console LOCAL
  aaa authentication ssh console LOCAL
  aaa authorization command LOCAL
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  snmp-server enable traps syslog
  snmp-server enable traps ipsec stop
  snmp-server enable traps entity config-change
  sysopt connection tcpmss 1100
  sysopt noproxyarp inside
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set mySET esp-des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map myDYN-MAP 5 set transform-set mySET
  crypto dynamic-map myDYN-MAP 5 set security-association lifetime seconds 28800
  crypto dynamic-map myDYN-MAP 5 set security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map myMAP 65000 ipsec-isakmp dynamic myDYN-MAP
  crypto map myMAP interface outside
  crypto ca trustpoint Intelliserv.rignet.local
  enrollment terminal
  subject-name CN=Rignet5550
  keypair IntelliServ.rignet.local
  crl configure
  crypto ca trustpoint ASDM_TrustPoint3
  crl configure
  crypto ca trustpoint ASDM_TrustPoint0
  enrollment terminal
  subject-name CN=Rignet5550
  password *
  crl configure
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 1
  authentication pre-share
  encryption des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp nat-traversal 21
  telnet timeout 5
  console timeout 0
  management-access inside
  no threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  group-policy myGROUP internal
  group-policy myGROUP attributes
  split-tunnel-policy tunnelspecified
  nem enable
  username GaileyB password 0oaTL6AGb4l6JKde encrypted privilege 15
  username rignetadmin password 3R8hQCl0jw5iU/r3 encrypted privilege 15
  tunnel-group DefaultL2LGroup ipsec-attributes
  pre-shared-key *
  tunnel-group mytunnel type remote-access
  tunnel-group mytunnel general-attributes
  default-group-policy myGROUP
  tunnel-group mytunnel ipsec-attributes
  pre-shared-key *
  tunnel-group 164.85.0.18 type ipsec-l2l
  tunnel-group 164.85.0.18 ipsec-attributes
  peer-id-validate cert
  chain
  tunnel-group-map default-group DefaultL2LGroup
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
  class class-default
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:a84cff45794fa5021237d51d5f87461e
  : end

• Wireless data encryption without pre-shared keys?

  Is there anyway to secure the data transmitted wirelessly without using pre-shared keys for encryption? I'm trying to allow residents to connect to the wireless network without having to go around and put wireless keys on all laptops.

  You could look into 802.1X with certificates. This still requires a certificate to be downloaded to the client, but there are several automated ways of doing this.
  You will need a certificate authority, and a RADIUS server (such as ACS). There's loads of documentation on CCO on how to configure this.
  HTH

• Extract pre-shared keys

  Hello there,
  Does anyone know how to decode/extract the pre-shared keys for the tunnels using either: ASDM 603 or the CLI on PIX 5520?
  Please shoot.
  Thks.

  The easier solution is:
  more system:running-config
  You can find more detail here:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00807f2d37.shtml
  And yes it should work on 8.x, I don't think this has changed.
  Regards
  Farrukh

• Crypto/pre-shared keys to crypto/pki worth doing?

  Hi,
  I have 10 VPN's that come into my ASA 5520, they all use pre-shared keys (and AES-256/sha), is it worth moving to pki instead?

  PKI provides customers with a scalable, secure mechanism for distributing, managing, and revoking encryption and identity information in a secured data network. Every entity (a person or a device) participating in the secured communications is enrolled in the PKI , a process where the entity generates a Rivest, Shamir, and Adelman (RSA) key pair (one private key and one public key) and has their identity validated by a trusted entity (also known as a CA or trustpoint).

• Pre shared keys used in IKE Phase 1

  Hi Everyone,
  Need to confirm if we can use the Pre shared keys in Aggressive mode and also in Main mode during IKE Phase1
  Regards
  MAhesh

  The pre-shared key is used in both modes of IKE Phase I. With pre-shared keys, the same pre-shared key is configured on each IPSec peer. IKE peers authenticate each other by computing and sending a keyed hash of data that includes the pre-shared key.

• Nokia 5800 and wpa shared key problem

  I've got an Orange livebox as a router. When trying to connect the wi-fi I'm asked for a WPA shared key. I input the WEP key of the Live box and it comes up as invalid WPA key. I have put in the right number and 'paired' the livebox with pressing button 1. I've also reset the phone and livebox with no result. Is the WPA key the same as the WEP key? Anyone know the answer?

  Hi,
  I've got a livebox also. When I was setting up my wifi I was asked for "pre shared key" on the 5800 which is your WEP No on the bottom on the livebox.
  I tapped that in (make sure you use caps) pressed "1" on the livebox then select on the phone.
  Worked first time for me.

• 'Wrong' WPA pre shared key code entered, how do i ...

  Please help, i have ntered the wrong pre shared key code, how do i delete it and start again!

  If the problem is the wrong key entered then you should just modify it in the Access Point settings. Access Point settings can be accessed as per Android's instructions above.

• Ciscoworks LMS RME / ASA Firewall configuration pre-shared key savings

  Does anybody know the concept about saving pre-shared by Ciscoworks LMS /RME ?
  Is there a way to get the unencrypted values from Ciscoworks LMS /RME for an ASA Firewall ?
  ASA config. saved with RME
  pre-shared-key *
  ASA config. saved to TFTP from ASA
  pre-shared-key 1ZdmaKVwEkQ66nD37d9kA9fj9z75

  If you enable "shadow directory" (RME - Admin - Config Mgmt - Archive Mgmt - Archive Settings), you can find the raw configs in locations such as /var/adm/CSCOpx/files/rme/dcma/shadow/Security_and_VPN/PRIMARY on Solaris, or its Windows equivalent, after one requisite cycle of Periodic Polling and/or Periodic Collection. That's the same config one'd get saving to TFTP manually.
  However, I don't recall how to unscramble the "asterisks" in the RME GUI, if at all possible.

• Pre-Shared key

  Hi All,
  i just have a quick quest.
  what are the characters that i can use in my Pre-Shared key to establish VPN tunnel? i'm wondering can i use the following characters: ! @ # $ _
  Thanks in advance...

  Hi, I just experienced a problem the may be related to these special characters. I didn't test fully so take this advice with a bit of caution: Under ASA 7.23 OS and possible other OS versions, using special characters in keys causes the key to become deformed, or invalid (don't know which). I upgraded to OS 8.X, re-entered the pre-shared key with special characters and it worked.