Wednesday, November 16, 2011

Display VPN preshared key on a Cisco Pix 6.3

I always thought that displaying the preshared key for site-to-site VPN tunnels on PIX 6.3 devices was impossible, until I came across this:

Basically, you can get the PSK via the HTTP service on the firewall.

You will need to do the following:
1. Enable the http server
2. Allow access to the firewall via the http service
3. Use your browser to get the PSK

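Here are the CLI commands:

conf t
http server enable
http ALLOWED_IP NETMASK inside

ALLOWED_IP and NETMASK are placeholders for the address and mask of the host you will browse from.

Then connect to https://FW_IP/config

This only works if inside is the name of the interface you connect through; change the interface name in the http command if needed.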

Also, you must log in with a username other than pix.

If you need to create one, use this command:

username NEW_USER password PASSWORD_FOR_USER priv 15
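
Once the key has been read, the HTTP service and the extra privilege 15 account are still on the firewall. The following is an added example, not part of the original post: it checks a saved PIX 6.3 configuration for both and masks the isakmp key values so the file can be shared. The sample configuration, its addresses, key and hash, and the max_hosts parameter are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.3 syntax; every address, name, key and hash is made up.
SAMPLE_CONFIG = """\
isakmp key EXAMPLE-PSK address 203.0.113.10 netmask 255.255.255.255
http server enable
http 192.0.2.25 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
username NEW_USER password EXAMPLEHASH encrypted privilege 15
"""

HTTP_RE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
USER_RE = re.compile(r"^username (\S+) password \S+(?: encrypted)? privilege 15$")
KEY_RE = re.compile(r"^(isakmp key )\S+( address .*)$")


def audit(config, max_hosts=1):
    """Return (findings, redacted_config) for a saved PIX 6.3 configuration."""
    findings, redacted = [], []
    for line in config.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            # Mask the preshared key but keep the peer so the line stays readable.
            line = key.group(1) + "<redacted>" + key.group(2)
        redacted.append(line)
        if line == "http server enable":
            findings.append("http server is enabled")
        http = HTTP_RE.match(line)
        if http:
            # ipaddress accepts the dotted netmask form used in the config.
            net = ipaddress.ip_network(f"{http.group(1)}/{http.group(2)}", strict=False)
            if net.num_addresses > max_hosts:
                findings.append(
                    f"http access from {net} on {http.group(3)} is wider than {max_hosts} host(s)")
        user = USER_RE.match(line)
        if user:
            findings.append(f"local account {user.group(1)} has privilege 15")
    return findings, "\n".join(redacted)


if __name__ == "__main__":
    found, safe_copy = audit(SAMPLE_CONFIG)
    print("\n".join(found))
    print(safe_copy)
```
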

Let me know if you have any questions.