LMS 3.2 passwords & preshared key

Hello,
I have added some ASAs to my CiscoWorks server.
When I look at the config, I see that preshared keys are removed and replaced by a star (*).
I see something like:
tunnel-group cisco ipsec-attributes
 pre-shared-key *
Then I searched some directories for the plain-text config files, and they do not contain the preshared keys...
If I try to recover from a disaster with those "backup files", it's going to be useless.
Are there any tricks to include preshared keys and passwords in my config files?
Thanks

The devices themselves are putting these stars in the config (starting in 8.2). The way RME archives the config is to do a "show runn" and extract the config from the output. RME does not yet support the ability to do a copy runn tftp, which would allow the clear text passwords to be archived. However, this undoes the security one would get by performing the screen scraping over SSH. Therefore, LMS only uses the "show runn" command to get the config.
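An added example (not part of the original thread and not CiscoWorks code): a check that walks an archived "show runn" capture and lists every setting whose secret the device replaced with asterisks, so you know which values must be kept somewhere else before relying on the archive for disaster recovery. The sample config, the function names and the `escrowed` inventory are constructed for illustration; treating any line that ends in a run of asterisks as masked is an assumption that generalizes beyond the `pre-shared-key *` line shown in the question.

```python
import re

# A command followed by a final token made only of asterisks, e.g. "pre-shared-key *".
MASKED = re.compile(r"^\s*(?P<command>.*\S)\s+\*+$")

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE = """\
hostname asa-lab
enable password EXAMPLEHASH encrypted
!
tunnel-group cisco type ipsec-l2l
tunnel-group cisco ipsec-attributes
 pre-shared-key *
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key *****
failover key *****
"""


def find_masked_secrets(config_text):
    """Return one record per config line whose secret was replaced by asterisks."""
    findings = []
    parent = None  # last unindented line, i.e. the stanza that owns sub-commands
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        indented = line[0].isspace()
        if not indented:
            parent = line
        match = MASKED.match(line)
        if match:
            findings.append({
                "line": lineno,
                "context": parent if indented else None,
                "command": match.group("command"),
            })
    return findings


def unescrowed(config_text, escrowed):
    """Masked secrets with no entry in `escrowed`, a set of (context, command)
    pairs recording which secrets are stored elsewhere (hypothetical inventory)."""
    return [f for f in find_masked_secrets(config_text)
            if (f["context"], f["command"]) not in escrowed]


if __name__ == "__main__":
    inventory = {("tunnel-group cisco ipsec-attributes", "pre-shared-key")}
    for f in unescrowed(SAMPLE, inventory):
        print(f"line {f['line']}: {f['context'] or 'global'} -> {f['command']} is masked")
```

The inventory holds only the names of settings, never the secrets themselves, so the report can be stored next to the archived configs.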

Similar Messages

  • SSID with preshared key + ISE

    Hi,
    We have recently implemented Wi-Fi at our site. We have Cisco 3502 APs, a 2504 WLC and the latest Cisco ISE. I understand that in an ISE deployment, we can't have a preshared key (password or key) for the SSID, as ISE will take over the authentication. Is that right?
    Current scenario:
    1. A laptop with Wi-Fi enabled will select the SSID in the list. Since we have disabled the broadcast, it will be shown as "other network" in the list.
    2. The user will select the other network and manually enter the SSID string.
    3. Once the SSID matches with the WLC, he/she will be redirected to the ISE URL, where he/she needs to enter the domain credentials.
    4. After the credentials are validated, ISE (NAC) agent will be downloaded on the laptop.
    5. Posture will begin and check for the compliance.
    6. If the laptop is compliant, laptop will be allowed in the network else will be rejected.
    Here, I would like to have preshared authentication for the SSID in the first phase, as my infosec team is very particular about that. How can I achieve that?

    Creating Native Supplicant Profiles
    Before You Begin
    • If you intend to use a TLS device protocol for remote device registration, be sure you set up at least one Simple Certificate Enrollment Protocol (SCEP) profile, as described in Simple Certificate Enrollment Protocol Profiles, page 8-31.
    • Be sure to open up TCP port 8909 and UDP port 8909 to enable Cisco NAC Agent, Cisco NAC Web Agent, and supplicant provisioning wizard installation. For more information on port usage, see the “Cisco ISE Appliance Ports Reference” appendix in the Cisco Identity Services Engine Hardware Installation Guide, Release 1.2.
    Step 1 Choose Policy > Policy Elements > Results > Client Provisioning > Resources.
    Step 2 Choose Add > Native Supplicant Profile.
    Step 3 Specify a Name for the agent profile.
    Step 4 Enter an optional Description for the Native Supplicant Profile.
    Step 5 Select an Operating System for this profile.
    Step 6 Enable the appropriate options for Wired or Wireless Connection Type (or both) for this profile. If you enable the Wireless connection option, be sure to also specify the device SSID and the wireless Security type (either WPA2 Enterprise or WPA Enterprise).
    Step 7 Choose the Allowed Protocol for the device profile.
    Step 8 Enable or disable other Optional Settings as appropriate for this profile.
    You can create native supplicant profiles to enable users to bring their own devices into the Cisco ISE network. When the user logs in, based on the profile that you associate with that user’s authorization requirements, Cisco ISE provides the necessary supplicant provisioning wizard needed to set up the user’s personal device to access the network.

  • DMVPN/preshared key configured and device stolen

    Hello,
    I have a question on DMVPN solutions where device is already configured with a preshared key and expected to be a part of a network once the device is fired up.
    Now what if this device (e.g. router) is stolen and plugged to the Internet? I believe it will establish a connection with a hub router because preshared keys, DMVPN config are matching and is there a solution to prevent this?
    I know it is a physical security question however I need to consider this rare scenario.
    Thanks,
    Deepak Ambotkar

    The solution for that problem is to use digital certificates which is a best-practice for DMVPN. For that you can also use an IOS-router as a CA-server.
    If you decide against certificates, then you can at least use PSK-encryption. That doesn't help against stolen devices, but helps against rogue spokes when someone can get the client-config.

  • Anyconnect and preshared keys

    Is it possible to use the AnyConnect client and still use preshared keys? I'm trying to remediate a PCI issue that requires removing IKEv1 and preshared keys, and disabling aggressive mode.
    Will any of this break AnyConnect? Your assistance is appreciated!

    Hi,
    It is completely possible. You can disable aggressive mode on the ASA and it will not affect AnyConnect, because it uses TLS and DTLS protocols, which are completely different from IPsec.
    You can disable aggressive mode as follows:
    hostname(config)# crypto ikev1 am-disable
    If you have VPN clients IPSec, they will work with main mode if you use certificate authentication only, not using pre-shared keys.
    David Castro,
    Regards,

  • Question on IKE preshared key for sun systems.

    Hi All
    I'm testing IPsec between a Sun system and a device (and Windows XP). The main mode negotiation failed in the third exchange when encryption is on. The responder side complains that the payload sent from the other side is malformed. I suspect the problem is related to the preshared key configuration. The Sun system requires a hexadecimal preshared key, and the resulting key length should be at least what the encryption algorithm requires (from the IP services manual):
    The encryption algorithm in this example (see Step 2) is DES, so the pre-shared key must be at least 64 bits. However, a longer key length is a good idea. For example,
    # ike.preshared on enigma, 192.168.66.1
    { localidtype IP
         localid 192.168.66.1
         remoteidtype IP
         remoteid 192.168.55.2
         # enigma and partym's shared key in hex (128 bits)
         key ac077cc699c17055848a3cf34377980a
    }
    My question is: how should I configure the preshared key to match the one on Sun, for example on a Windows system? I tried to use the exact same key on Windows, but the authentication failed. If the problem is not the preshared key, any comments are welcome.
    Thanks a lot!

    To restore a key from encoded data you have to use one of the KeySpec classes, in your case DESKeySpec. Then you can use the KeyFactory (SecretKeyFactory in this case) class to regenerate the key.
    SecretKeyFactory factory = SecretKeyFactory.getInstance("DES", "SunJCE");
    myDESkey = factory.generateSecret(keySpec);

  • Entered Wrong preshared key on WLAN

    Hi
    I entered the wrong preshared key on the WLAN and I can't change it. Tried using the Connection Manager but it still says incorrect.
    Can anyone help please?
    Thanks

    Menu - Tools - Settings - Connections - Access Points - Select the WLAN in question - Options - Edit - WLAN Security Settings
    Hope that helps

  • RV042 Preshared key hidden

    Hi everyone,
    I'd like to know if it's possible to hide the preshared key in the router configuration.
    By default, you can see it in clear text if you have access to the RV042.
    Thanks for your feedback.
    Regards,
    hdam

    Hello hdam,
    As far as I know, when you're administering and accessing the router configuration and you're setting up VPN, there is no method (or a checkbox) to hide the preshared key away from plaintext.
    If security is a concern, perhaps limit the available management access to the vpn router, so not too many users will know the preshared key.
    -Andrew Lien

  • I don't get "Manage my Account" when I select the Sync tab, but if I try to create a new account it says my userid is already in use. How can I get my password & sync key?

    My OS is Windows 7 Home Premium.
    My Firefox version is 4.0.1.
    When I try to setup Firefox Sync, I get a choice of "Create a new account" or "Connect".
    The first tells me my email address is already in use, but selecting the Sync tab does not give me "Manage my Account."
    How can I find out my password and sync key?

    Hi Russ!
    Apparently you already configured your account but you have neither the key nor the password. You can get the password at the following link (https://account.services.mozilla.com/forgot), but you would need the Sync Key to sync your device to the rest of your devices.
    If you don't have the Sync Key, the best thing you can do is to reset it by deleting the previous account and creating a new one with the same user. You can perform these tasks from your account dashboard (https://account.services.mozilla.com/).

  • Copy and Paste WLAN password (PSK-key) on E7-00

    It took quite long to find out how the 128 character password of my private WLAN can be copied and pasted in the PSK-key field. Now I found the (not documented) solution and would like to share it with other users.
    Simply press and hold the Shift key (in any text window) and you'll see the "Paste" button on the screen.
    To copy the password to the clipboard you can transfer the password (by email, sms or in a text file) on your E7-00. Then mark the password using your keyboard (Shift + arrow key), press and hold the Shift key and you'll see the "Copy" button.
    I hope that Google finds this instruction!
    Here is the German version:
    Copying and pasting a WLAN password (PSK key) on the Nokia E7-00:
    After a long search I found (by chance) the undocumented solution for pasting a 128-character password into the PSK key field.
    Under >Settings>Connectivity>Settings>Destinations>Internet>"network name">WLAN security settings>PSK key, you open the input window for the key. Then press and hold the Shift key until the "Paste" button becomes visible.
    To copy the password to the clipboard beforehand, transfer it by email, SMS or file transfer in a text file, which you open with the Quickoffice application. Then mark the text using the keyboard (Shift + arrow keys) and hold down the Shift key until the "Copy" button appears.

    O_O - that's one for RTFM ;-) No, obviously I haven't. As I said elsewhere, I had it for just a couple of weeks and I didn't yet have too much time to study the manual in all detail. Sorry 'bout that!
    Regards,
    Hendikoischnur
    OK, now I have downloaded the manual in German as pdf. Now I only need to install the Adobe Reader, then I can read it on the mobile itself.
    I guess that with that Pencil Key, I could also copy contact data from any document I have on the phone to my contact list?

  • It's not accepting my account information. I have password, sync key, but keeps saying fail to connect to server

    I've already changed both password and sync key after it didn't connect on first three tries.


  • Wifi Profiles with PreShared Key

    Hey everyone,
    I have a client with some pretty basic requirements that they would like to see from SCCM/Intune. One of those is the ability to deploy WPA2-PSK wireless profiles to newly enrolled Intune devices (iOS, Android, and WP8). They would like to deploy the PSK as part of this process so they don't have to hand out the key to everyone. I see there isn't a way in the interface to configure a WPA profile with the PSK. Does anyone know if this is possible any other way?
    If not, I guess unless you're not broadcasting your SSID, what would be the advantage of deploying a WPA-PSK WiFi profile versus the user just selecting the SSID and clicking connect themselves from whatever device they are on? Maybe I am missing something?
    Thanks!

    Hi,
    No, you are correct, it is currently not possible. The only benefit of deploying the WiFi profile is that the device will connect to it automatically, but you would still have to enter the password.
    Regards,
    Jörgen

  • Mapping a password on key combination

    Hello,
    On OS X Mavericks on my MacBook Pro 15 Retina, is it possible to map a password to a key combination like CMD + P that can be used in every program?
    Thanks
    Fabrizio

    Hi anyone can help me on this request ?

  • Pavilion dv7/Windows 7/How do I Unlock my Password? (Key:69097804)

    When I attempt to log on, I ultimately receive a blue box with the text "Enter Unlock Password (Key:69097804)". I attempt to enter the BIOS settings by repeatedly hitting the ESC key, but after numerous attempts, I'm always brought to this message.
    Do you have my "Unlock Password"?
    I would greatly appreciate any advice or my code I must enter.
    I don't know if this is related, but someone called claiming to be with Microsoft told me they received a large volume of error messages originating from my PC and would I help them by providing them with my user-id/password.  I told them, well, good luck with that and hung up.
    I'm sure the phone call was just a coincidence.   I've had these type of scams in the past.  Sometimes I just tell them to hold on and walk away.
    The next time they call, I will ask that they call my "other" phone number because my cell phone battery is dying.  I will give them the number of my local police department or the FBI Internet Fraud Division.
    Anyway, I would appreciate your help in this matter.
    Thanks in advance.

    Hi,
    Enter:     76995220
    Regards,
    DP-K
    ****I don't work for HP****
    Microsoft MVP - Windows Experience

  • How to clear out all passwords in key chain

    HAVING TROUBLE WITH POP UP BOX IN AOL EMAIL CONSTANTLY ASKING FOR MY PASSWORD..HOW DO I CLEAR

    That pop-up occurs whenever you cannot immediately get a good connection to the Mail Server, whether it is down, or is slow, or the connection is not so good today. Your Mac cannot see the fine distinction, it just asks for the one thing it knows -- no answer from the Server -- maybe the password is wrong.
    Your best bet when that happens is to hit cancel -- and take that account Online again later. At some point make sure the
    Mail > preferences > accounts ...
    ... for that account has the right passwords in it.

  • WRT54G Software Uninstall

    Hi all,
    I have been using a WRT54G wireless router for many years now. Great router! I have upgraded to an EA3500 and need a question answered. Is there any software for the WRT54G that needs to be uninstalled before installing the EA3500? I remember running a setup CD for the WRT54G which I don't have anymore. I've looked for uninstall everywhere on my computer and can't find anything. I'm running Vista.
    I would much appreciate help with getting the new router up and running. Are there any problems that may exist upgrading to the EA3500? I have so many devices connecting through the router now I figured it was time to upgrade.
    Thank you for your help in advance.
    JDB 

    Hi there. Like what sabertooth said, there is no need for you to run the software to get the old router completely off your computer's system. You can try the following:
    1. Connect your main PC to your modem to see if you can get online, and then run the CD that came along with the new router. Just follow the instructions specified on the CD. The software will also allow you to set up a username (SSID) and password (preshared key).
    2. If your computer does not work when plugged in to the modem but gets online when the old router is connected, try the steps below (applicable to DSL and cable Internet service providers):
    For cable ISPs:
    a. Get the MAC address of your old router (found at the bottom of the unit), or better, get the MAC address from the status page of your old router; that means you have to access its user interface.
    b. If you're able to do step a, connect your new router and connect a computer to it as well. Access the user interface of your new router. The default IP address of the old one and the new one is the same, 192.168.1.1. The default password for the old router is admin unless you changed it, and for the new one the router name and password are the same info that you need to enter when it prompts you for the info.
    c. On the new router's setup page, click on the MAC address clone subtab, set it to enabled and enter the MAC address from the old router where it says MAC address. There is no need to click on the clone button; just save settings.
    d. Check the status tab and make sure that the connection type is DHCP, and see if you have an Internet IP address below it. The Internet should then work if you have an Internet IP address.
    For DSL ISPs:
    This one depends on how your ISP configured your modem for Internet connection.
    If your modem is set to full bridge, set the new router to PPPoE and input the account username and password below it (the account username is the email they activated for your DSL Internet service). The keep-alive redial period should be selected, and when you check the status page, the connection type should say PPPoE, the status should say connected and an Internet IP address should be shown below it.
