Here is a quick and dirty config tip.

If you look at your running config you will notice that your ISAKMP keys are stored in plain text, in other words unencrypted. This is still the case after issuing the “service password-encryption” command.


So, what we start out with looks something like this:

crypto isakmp key myweakpassword address 1.1.1.1

What we ideally want to do is encrypt this key, so that a leaked copy of the config does not cause you problems, not to mention so that you are following best practice!

All we need to enter is the following two lines of config:

MyRouter(config)#key config-key password-encrypt thisismyencryptionpassword
MyRouter(config)#password encryption aes

Easy, right? OK, let's verify this works by issuing “sh run”:

crypto isakmp key 6 V]PMeY]cO[TQ[EWaQ\[D`XViUTA`LZMVR_[[SUQVgF address 1.1.1.1
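
To run the same check over a saved copy of the config rather than by eye, here is a small audit script. It is an added example, not part of the original post: the function name audit_isakmp_keys and the BEFORE/AFTER samples are made up for illustration, and it only recognises key lines that use the address or hostname form.

```python
import re

# Optional type digit (0 = cleartext, 6 = AES-encrypted), then the key string,
# then the peer selector. A key line with no digit is stored in the clear.
KEY_RE = re.compile(
    r"^\s*crypto isakmp key (?:(?P<type>[06]) )?(?P<key>\S+) "
    r"(?P<kind>address|hostname) (?P<peer>\S+)"
)
AES_RE = re.compile(r"^\s*password encryption aes\s*$")

# Constructed samples built from the two key lines shown in this post.
BEFORE = r"""
crypto isakmp key myweakpassword address 1.1.1.1
"""
AFTER = r"""
password encryption aes
crypto isakmp key 6 V]PMeY]cO[TQ[EWaQ\[D`XViUTA`LZMVR_[[SUQVgF address 1.1.1.1
"""


def audit_isakmp_keys(config_text):
    """Return (aes_enabled, findings) for a saved running-config.

    findings is a list of (line_number, peer, status) tuples. The key
    string itself is never returned, so the report is safe to pass around.
    """
    aes_enabled = False
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if AES_RE.match(line):
            aes_enabled = True
            continue
        m = KEY_RE.match(line)
        if m:
            status = "encrypted" if m.group("type") == "6" else "PLAINTEXT"
            findings.append((lineno, m.group("peer"), status))
    return aes_enabled, findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        aes, results = audit_isakmp_keys(cfg)
        print(f"[{name}] password encryption aes:", "present" if aes else "MISSING")
        for lineno, peer, status in results:
            print(f"[{name}] line {lineno}: peer {peer}: {status}")
```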

Hope that helps!
