1. Home
  2. Cisco Systems
  3. Changing router access and VPN policy key passwords

Changing router access and VPN policy key passwords

Hi,

On an existing, configured 1721 router (v.12.3) I need to change

1)the password to access the router (SSH and HTTP)

I think this is the step-by-step procedure, after logging into the router with SSH:

#config t #line vty 0 4 #password #exit #enable secret #end #writ mem

Is that correct?

2)the key password (Existing_Password_Here) at the VPN policy section: ! crypto isakmp client configuration group access key Existing_Password_Here dns 192.168.180.14 vns 192.168.180.14 domain mydomain.com pool ippool acl100 !

(This - key password - will be the Group Authentication password in the Cisco VPN client software configuration.)

I would highly appreciate any help.

Thanks!

R. Nick

Reply to
random.nick
Loading thread data ...

Hi Igor,

Thank you for your kind reply.

.... but how can I change the VPN key password in the existing configuration? Or is my suggestion going to take care of the key password, too?

Sorry, it's a live system I "inherited" - I don't want to mess it up by trying.

Thanks again.

Nick

Reply to
random.nick

Hello,

Yes, both of your configuration steps seems to be legal...

B.R. Igor

Reply to
Igor Mamuzic

You do not have to re-type in the whole block definition of the crypto isakmp client configuration group. Just the group configuration definition line and the key.

crypto isakmp client configuration group access key New_Password_Here

DT

Reply to
dt1649651

Hi,

Thanks for your reply, DT.

I have logged into the router with SSH and enter this line:

router#crypto isakmp client configuration group access

I get the following error:

router#crypto isakmp client configuration group access ^ % Invalid input detected at '^' marker.

Please bear with me, I am not a "CISCO guy", I would highly appreciate a step-by-step, "idiot proof" instruction from the initial login to the last step in order to be able to change the VPN connection password on this inherited router.

Again, all your kind help is highly appreciated.

Nick

snipped-for-privacy@yahoo.com wrote:

Reply to
random.nick

I just noticed that the position of the '^' marker is oncorrect in the posted message.

router#crypto isakmp client configuration group access ^ The '^' marker is under the s in isakmp.

Thanks,

Nick

Reply to
random.nick

Okay.. I can see what was the error above: I was not in "config t" mode...

Now I did that: router#config t router(config-isakmp-group)#crypto isakmp client configuration group access router(config-isakmp-group)#key New_Password_Here A key already exists for group access

I exit with CTRLZ and show running-config displays the old password.

Would it be easier just to delete the existing VPN group and create a new one? In this case, how can I delete the existing one?

Thanks again!

Nick

Reply to
random.nick

Solved...

Finally I have figured it out. For the record for changing password of IKE key:

router#config t router#crypto isakmp client configuration group access router(config-isakmp-group)#no key access router(config-isakmp-group)#crypto isakmp client configuration group access router(config-isakmp-group)#key NEW_PASSWORD router(config-isakmp-group)#CTRL Z router#copy running-conf startup-conf

Thanks for everybody's help!

Nick

Reply to
random.nick

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.