Viewing or Recovering Pre-Shared Keys (PSK) in plain text on a Cisco ASA

About 4 months ago I began taking a deep dive into Cisco Networking from my new job. Since then, I have obtained my Cisco Certified Systems Engineer certification. The first of many planned Cisco certifications for me. It’s been a ton of fun, but I’m always learning new commands to use on these devices. I’ll try to share the most useful non-common one’s for you.

One command that has been extremely helpful when setting up and troubleshooting VPNs is ‘more system:running-config

You probably already know that simply using the ‘show run’ command will display the PSK with asterisks (****). Running the ‘more system:running-config’ command will display the running configuration with unencrypted passwords, including the PSK. If the PSK wasn’t documented or you just need to verify, it can be proven very useful!

Another handy command when troubleshooting a problematic VPN is to turn on debug mode for the VPN.

debug crypto ca 20

If you’re not at the console, you will need to use the ‘terminal monitor’ (or simply ‘term mon’) command to see the output. Don’t forget to turn debug off when you are finished!

Leave a Reply

Your email address will not be published.