How to Encrypt your ISAKMP keys in the running config!
Posted by: Rich in Config. Guides, Tricks and Tips
Here is a quick and dirty config tip.
If you look at your running config you will notice that your ISAKMP keys are stored in plain-text. In other words, unencrypted. This still stands after issuing the “service password-encryption” command.
Here is how to encrypt those keys using AES!
So, what we start out with looks something like this:
crypto isakmp key myweakpassword address 1.1.1.1
Ideally we want this key encrypted, so that a leaked copy of the config does not cause you problems, not to mention so that you are following best practice!
All we need to enter is the following two lines of config:
MyRouter(config)#key config-key password-encrypt thisismyencryptionpassword
MyRouter(config)#password encryption aes
Easy, right? OK, let's verify this works by issuing “sh run”:
crypto isakmp key 6 V]PMeY]cO[TQ[EWaQ\[D`XViUTA`LZMVR_[[SUQVgF address 1.1.1.1
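To run the same check across saved configs, here is a small audit script, added as an example and not part of the original post. It reports which ISAKMP keys are still stored in plain text and whether “password encryption aes” is present. The function name audit_isakmp_keys and the sample config are constructed for illustration, and it assumes key lines follow the form “crypto isakmp key [0|6] <key> address|hostname <peer>”.

```python
import re

# Constructed sample running-config (not from a real device). The type 6
# line reuses the example output shown in the post.
SAMPLE_CONFIG = r"""
service password-encryption
password encryption aes
crypto isakmp key myweakpassword address 1.1.1.1
crypto isakmp key 0 anotherkey address 2.2.2.2
crypto isakmp key 6 V]PMeY]cO[TQ[EWaQ\[D`XViUTA`LZMVR_[[SUQVgF address 3.3.3.3
"""

KEY_LINE = re.compile(r"^\s*crypto isakmp key\s+(.*)$")
PEER_KEYWORDS = {"address", "hostname"}


def audit_isakmp_keys(config_text):
    """Return (aes_enabled, findings) for a running-config dump.

    findings holds (line_number, peer, status), status being 'type6' or
    'plaintext'. Key strings are never returned, so the report is shareable.
    """
    aes_enabled = False
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.strip() == "password encryption aes":
            aes_enabled = True
            continue
        m = KEY_LINE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        # An explicit type ("0" or "6") precedes the key string; without it
        # the first token is itself the plaintext key (even if it is "6").
        has_type = (len(tokens) >= 2 and tokens[0] in ("0", "6")
                    and tokens[1] not in PEER_KEYWORDS)
        enc_type = tokens[0] if has_type else "0"
        rest = tokens[2:] if has_type else tokens[1:]
        peer = rest[1] if len(rest) >= 2 and rest[0] in PEER_KEYWORDS else "?"
        status = "type6" if enc_type == "6" else "plaintext"
        findings.append((lineno, peer, status))
    return aes_enabled, findings


if __name__ == "__main__":
    aes, results = audit_isakmp_keys(SAMPLE_CONFIG)
    print("password encryption aes:", "present" if aes else "MISSING")
    for lineno, peer, status in results:
        print(f"line {lineno}: peer {peer}: {status}")
```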
Hope that helps!
