Looking up a VPN PSK on a Cisco ASA

When you have VPN tunnels out to 3rd party customers there comes a time when something is going to go wrong and at least one end of the tunnel is going to have to be rebuilt.  More often than not commanddocumentation got lost or was not updated the last time things changed and now you have no idea what the PSK was that you used on that tunnel.  You quickly look at the configuration on the other end only to find that the PSK is stared out in the running config.

A while back I came across this useful command for showing the PSK in an ASA config at the CLI as follows: more system:running-config {| begin tunnel-group (remote peer IP)}


Client XYZ peer is

more system:running-config | begin tunnel-group



Leave a Reply

Your email address will not be published. Required fields are marked *