Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Changing router access and VPN policy key passwords

Reply
Thread Tools

Changing router access and VPN policy key passwords

 
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-27-2005
Hi,

On an existing, configured 1721 router (v.12.3) I need to change

1)the password to access the router (SSH and HTTP)

I think this is the step-by-step procedure, after logging into the
router with SSH:

#config t
#line vty 0 4
#password <new password>
#exit
#enable secret <new password>
#end
#writ mem

Is that correct?

2)the key password (Existing_Password_Here) at the VPN policy section:
!
crypto isakmp client configuration group access
key Existing_Password_Here
dns 192.168.180.14
vns 192.168.180.14
domain mydomain.com
pool ippool
acl100
!

(This - key password - will be the Group Authentication password in the
Cisco VPN client software configuration.)

I would highly appreciate any help.

Thanks!

R. Nick

 
Reply With Quote
 
 
 
 
Igor Mamuzic
Guest
Posts: n/a
 
      08-27-2005
Hello,

Yes, both of your configuration steps seems to be legal...

B.R.
Igor


<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi,
>
> On an existing, configured 1721 router (v.12.3) I need to change
>
> 1)the password to access the router (SSH and HTTP)
>
> I think this is the step-by-step procedure, after logging into the
> router with SSH:
>
> #config t
> #line vty 0 4
> #password <new password>
> #exit
> #enable secret <new password>
> #end
> #writ mem
>
> Is that correct?
>
> 2)the key password (Existing_Password_Here) at the VPN policy section:
> !
> crypto isakmp client configuration group access
> key Existing_Password_Here
> dns 192.168.180.14
> vns 192.168.180.14
> domain mydomain.com
> pool ippool
> acl100
> !
>
> (This - key password - will be the Group Authentication password in the
> Cisco VPN client software configuration.)
>
> I would highly appreciate any help.
>
> Thanks!
>
> R. Nick
>



 
Reply With Quote
 
 
 
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-27-2005
Hi Igor,

Thank you for your kind reply.

.... but how can I change the VPN key password in the existing
configuration?
Or is my suggestion going to take care of the key password, too?

Sorry, it's a live system I "inherited" - I don't want to mess it up by
trying.

Thanks again.

Nick

> Hello,
>
> Yes, both of your configuration steps seems to be legal...
>
> B.R.
> Igor
>
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> > Hi,
> >
> > On an existing, configured 1721 router (v.12.3) I need to change
> >
> > 1)the password to access the router (SSH and HTTP)
> >
> > I think this is the step-by-step procedure, after logging into the
> > router with SSH:
> >
> > #config t
> > #line vty 0 4
> > #password <new password>
> > #exit
> > #enable secret <new password>
> > #end
> > #writ mem
> >
> > Is that correct?
> >
> > 2)the key password (Existing_Password_Here) at the VPN policy section:
> > !
> > crypto isakmp client configuration group access
> > key Existing_Password_Here
> > dns 192.168.180.14
> > vns 192.168.180.14
> > domain mydomain.com
> > pool ippool
> > acl100
> > !
> >
> > (This - key password - will be the Group Authentication password in the
> > Cisco VPN client software configuration.)
> >
> > I would highly appreciate any help.
> >
> > Thanks!
> >
> > R. Nick
> >


 
Reply With Quote
 
dt1649651@yahoo.com
Guest
Posts: n/a
 
      08-28-2005

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Hi Igor,
>
> Thank you for your kind reply.
>
> ... but how can I change the VPN key password in the existing
> configuration?
> Or is my suggestion going to take care of the key password, too?
>


You do not have to re-type in the whole block definition of the crypto
isakmp client configuration group. Just the group configuration
definition line and the key.


crypto isakmp client configuration group access
key New_Password_Here


DT

 
Reply With Quote
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-29-2005
Hi,

Thanks for your reply, DT.

I have logged into the router with SSH and enter this line:

router#crypto isakmp client configuration group access

I get the following error:

router#crypto isakmp client configuration group access
^
% Invalid input detected at '^' marker.


Please bear with me, I am not a "CISCO guy", I would highly appreciate
a step-by-step, "idiot proof" instruction from the initial login to the
last step in order to be able to change the VPN connection password on
this inherited router.

Again, all your kind help is highly appreciated.

Nick


(E-Mail Removed) wrote:
> (E-Mail Removed) wrote:
> > Hi Igor,
> >
> > Thank you for your kind reply.
> >
> > ... but how can I change the VPN key password in the existing
> > configuration?
> > Or is my suggestion going to take care of the key password, too?
> >

>
> You do not have to re-type in the whole block definition of the crypto
> isakmp client configuration group. Just the group configuration
> definition line and the key.
>
>
> crypto isakmp client configuration group access
> key New_Password_Here
>
>
> DT


 
Reply With Quote
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-29-2005
I just noticed that the position of the '^' marker is oncorrect in the
posted message.

router#crypto isakmp client configuration group access
^
The '^' marker is under the s in isakmp.

Thanks,

Nick

 
Reply With Quote
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-29-2005
Okay.. I can see what was the error above: I was not in "config t"
mode...

Now I did that:
router#config t
router(config-isakmp-group)#crypto isakmp client configuration group
access
router(config-isakmp-group)#key New_Password_Here
A key already exists for group access

I exit with CTRLZ and show running-config displays the old password.

Would it be easier just to delete the existing VPN group and create a
new one?
In this case, how can I delete the existing one?

Thanks again!

Nick

 
Reply With Quote
 
random.nick@gmail.com
Guest
Posts: n/a
 
      08-29-2005
Solved...

Finally I have figured it out.
For the record for changing password of IKE key:

router#config t
router#crypto isakmp client configuration group access
router(config-isakmp-group)#no key access
router(config-isakmp-group)#crypto isakmp client configuration group
access
router(config-isakmp-group)#key NEW_PASSWORD
router(config-isakmp-group)#CTRL Z
router#copy running-conf startup-conf

Thanks for everybody's help!

Nick

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Policy map using policy map Geoffrey Sinclair Cisco 1 07-27-2009 09:31 AM
Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication DCS Cisco 2 03-26-2009 08:45 PM
Default Domain Policy vs Default Domain Controller Policy Tyler Cobb MCSE 6 10-19-2005 09:36 PM
Default Domain Policy vs. Default Domain Controller Policy Tyler Cobb MCSA 1 10-09-2005 03:42 PM
endpoint vpn router to endpoint vpn router problem Mike Doty Cisco 1 10-02-2004 07:41 PM



Advertisments