Friday, September 6, 2013

View the Pre-Shared Key on an IPsec VPN tunnel-group

When troubleshooting VPN connectivity issues, a common problem is a mismatched pre-shared key.

After you add a pre-shared key to a tunnel-group, the output of #sh run hides the key behind a single *, e.g.:

tunnel-group 10.10.10.10 ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 15 retry 2

To confirm precisely what has been applied (and so help confirm whether both ends of your tunnel have the same key), use the following command:
 #more system:running-config

tunnel-group 10.10.10.10 ipsec-attributes
 pre-shared-key AbCdEfG192837645
 isakmp keepalive threshold 15 retry 2
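
An added example (not part of the original post): a Python sketch that takes the saved `more system:running-config` output from both ends and reports whether the keys agree, without echoing either key. The second peer address, the sample configs and the function names are constructed for illustration; accepting an `ikev1` prefix on the key line is an assumption to cover newer ASA syntax.

```python
import hmac
import re

# Constructed sample output of "more system:running-config" from each end.
# Addresses and keys are made up; each side names its tunnel-group after the peer.
SITE_A = """\
tunnel-group 10.10.10.10 ipsec-attributes
 pre-shared-key AbCdEfG192837645
 isakmp keepalive threshold 15 retry 2
"""
SITE_B = """\
tunnel-group 10.20.20.20 ipsec-attributes
 pre-shared-key AbCdEfG192837645
 isakmp keepalive threshold 15 retry 2
"""
SITE_B_TYPO = SITE_B.replace("AbCdEfG", "AbCdEfg")      # one character differs
SITE_B_MASKED = SITE_B.replace("AbCdEfG192837645", "*")  # captured with "sh run"


def psk_by_tunnel_group(config):
    """Map each tunnel-group name to the key in its ipsec-attributes block."""
    keys, current = {}, None
    for line in config.splitlines():
        header = re.match(r"tunnel-group (\S+) ipsec-attributes\s*$", line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None  # left the indented sub-mode
        elif current:
            key = re.match(r"\s+(?:ikev1 )?pre-shared-key (\S+)", line)
            if key:
                keys[current] = key.group(1)
    return keys


def compare_psk(config_a, group_a, config_b, group_b):
    """Return 'match', 'mismatch', 'masked' or 'missing'; never returns a key."""
    key_a = psk_by_tunnel_group(config_a).get(group_a)
    key_b = psk_by_tunnel_group(config_b).get(group_b)
    if key_a is None or key_b is None:
        return "missing"
    if set(key_a) <= {"*"} or set(key_b) <= {"*"}:
        return "masked"  # dump shows asterisks, so it cannot be compared
    same = hmac.compare_digest(key_a.encode(), key_b.encode())
    return "match" if same else "mismatch"
```

For the constructed samples, `compare_psk(SITE_A, "10.10.10.10", SITE_B, "10.20.20.20")` returns `match`, and the same call with `SITE_B_TYPO` returns `mismatch`.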

