Changing router access and VPN policy key passwords

Discussion in 'Cisco' started by random.nick@gmail.com, Aug 27, 2005.

  1. Guest

    Hi,

    On an existing, configured 1721 router (v.12.3) I need to change

    1)the password to access the router (SSH and HTTP)

    I think this is the step-by-step procedure, after logging into the
    router with SSH:

    #config t
    #line vty 0 4
    #password <new password>
    #exit
    #enable secret <new password>
    #end
    #writ mem

    Is that correct?

    2)the key password (Existing_Password_Here) at the VPN policy section:
    !
    crypto isakmp client configuration group access
    key Existing_Password_Here
    dns 192.168.180.14
    vns 192.168.180.14
    domain mydomain.com
    pool ippool
    acl100
    !

    (This - key password - will be the Group Authentication password in the
    Cisco VPN client software configuration.)

    I would highly appreciate any help.

    Thanks!

    R. Nick
     
    , Aug 27, 2005
    #1
    1. Advertising

  2. Igor Mamuzic Guest

    Hello,

    Yes, both of your configuration steps seems to be legal...

    B.R.
    Igor


    <> wrote in message
    news:...
    > Hi,
    >
    > On an existing, configured 1721 router (v.12.3) I need to change
    >
    > 1)the password to access the router (SSH and HTTP)
    >
    > I think this is the step-by-step procedure, after logging into the
    > router with SSH:
    >
    > #config t
    > #line vty 0 4
    > #password <new password>
    > #exit
    > #enable secret <new password>
    > #end
    > #writ mem
    >
    > Is that correct?
    >
    > 2)the key password (Existing_Password_Here) at the VPN policy section:
    > !
    > crypto isakmp client configuration group access
    > key Existing_Password_Here
    > dns 192.168.180.14
    > vns 192.168.180.14
    > domain mydomain.com
    > pool ippool
    > acl100
    > !
    >
    > (This - key password - will be the Group Authentication password in the
    > Cisco VPN client software configuration.)
    >
    > I would highly appreciate any help.
    >
    > Thanks!
    >
    > R. Nick
    >
     
    Igor Mamuzic, Aug 27, 2005
    #2
    1. Advertising

  3. Guest

    Hi Igor,

    Thank you for your kind reply.

    .... but how can I change the VPN key password in the existing
    configuration?
    Or is my suggestion going to take care of the key password, too?

    Sorry, it's a live system I "inherited" - I don't want to mess it up by
    trying.

    Thanks again.

    Nick

    > Hello,
    >
    > Yes, both of your configuration steps seems to be legal...
    >
    > B.R.
    > Igor
    >
    >
    > <> wrote in message
    > news:...
    > > Hi,
    > >
    > > On an existing, configured 1721 router (v.12.3) I need to change
    > >
    > > 1)the password to access the router (SSH and HTTP)
    > >
    > > I think this is the step-by-step procedure, after logging into the
    > > router with SSH:
    > >
    > > #config t
    > > #line vty 0 4
    > > #password <new password>
    > > #exit
    > > #enable secret <new password>
    > > #end
    > > #writ mem
    > >
    > > Is that correct?
    > >
    > > 2)the key password (Existing_Password_Here) at the VPN policy section:
    > > !
    > > crypto isakmp client configuration group access
    > > key Existing_Password_Here
    > > dns 192.168.180.14
    > > vns 192.168.180.14
    > > domain mydomain.com
    > > pool ippool
    > > acl100
    > > !
    > >
    > > (This - key password - will be the Group Authentication password in the
    > > Cisco VPN client software configuration.)
    > >
    > > I would highly appreciate any help.
    > >
    > > Thanks!
    > >
    > > R. Nick
    > >
     
    , Aug 27, 2005
    #3
  4. Guest

    wrote:
    > Hi Igor,
    >
    > Thank you for your kind reply.
    >
    > ... but how can I change the VPN key password in the existing
    > configuration?
    > Or is my suggestion going to take care of the key password, too?
    >


    You do not have to re-type in the whole block definition of the crypto
    isakmp client configuration group. Just the group configuration
    definition line and the key.


    crypto isakmp client configuration group access
    key New_Password_Here


    DT
     
    , Aug 28, 2005
    #4
  5. Guest

    Hi,

    Thanks for your reply, DT.

    I have logged into the router with SSH and enter this line:

    router#crypto isakmp client configuration group access

    I get the following error:

    router#crypto isakmp client configuration group access
    ^
    % Invalid input detected at '^' marker.


    Please bear with me, I am not a "CISCO guy", I would highly appreciate
    a step-by-step, "idiot proof" instruction from the initial login to the
    last step in order to be able to change the VPN connection password on
    this inherited router.

    Again, all your kind help is highly appreciated.

    Nick


    wrote:
    > wrote:
    > > Hi Igor,
    > >
    > > Thank you for your kind reply.
    > >
    > > ... but how can I change the VPN key password in the existing
    > > configuration?
    > > Or is my suggestion going to take care of the key password, too?
    > >

    >
    > You do not have to re-type in the whole block definition of the crypto
    > isakmp client configuration group. Just the group configuration
    > definition line and the key.
    >
    >
    > crypto isakmp client configuration group access
    > key New_Password_Here
    >
    >
    > DT
     
    , Aug 29, 2005
    #5
  6. Guest

    I just noticed that the position of the '^' marker is oncorrect in the
    posted message.

    router#crypto isakmp client configuration group access
    ^
    The '^' marker is under the s in isakmp.

    Thanks,

    Nick
     
    , Aug 29, 2005
    #6
  7. Guest

    Okay.. I can see what was the error above: I was not in "config t"
    mode...

    Now I did that:
    router#config t
    router(config-isakmp-group)#crypto isakmp client configuration group
    access
    router(config-isakmp-group)#key New_Password_Here
    A key already exists for group access

    I exit with CTRLZ and show running-config displays the old password.

    Would it be easier just to delete the existing VPN group and create a
    new one?
    In this case, how can I delete the existing one?

    Thanks again!

    Nick
     
    , Aug 29, 2005
    #7
  8. Guest

    Solved...

    Finally I have figured it out.
    For the record for changing password of IKE key:

    router#config t
    router#crypto isakmp client configuration group access
    router(config-isakmp-group)#no key access
    router(config-isakmp-group)#crypto isakmp client configuration group
    access
    router(config-isakmp-group)#key NEW_PASSWORD
    router(config-isakmp-group)#CTRL Z
    router#copy running-conf startup-conf

    Thanks for everybody's help!

    Nick
     
    , Aug 29, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tyler Cobb
    Replies:
    6
    Views:
    18,674
    Tyler Cobb
    Oct 19, 2005
  2. DCS
    Replies:
    2
    Views:
    5,102
    eshan_amiran
    Mar 26, 2009
  3. Marvs
    Replies:
    3
    Views:
    7,076
  4. Tyler Cobb
    Replies:
    1
    Views:
    745
    dawnad
    Oct 9, 2005
  5. Geoffrey Sinclair

    Policy map using policy map

    Geoffrey Sinclair, Jul 27, 2009, in forum: Cisco
    Replies:
    1
    Views:
    559
    bod43
    Jul 27, 2009
Loading...

Share This Page