Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
17-6
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 17 Configuring Basic Settings
Configuring the Master Passphrase
If you later disable password encryption, all existing encrypted passwords are left unchanged, and as
long as the master passphrase exists, the encrypted passwords will be decrypted as required by the
application.
Step 3 Check the Change the encryption master passphrase check box to enable you to enter and confirm
your new master passphrases. By default, they are disabled.
Your new master passphrase must be between 8 and 128 characters long.
If you are changing an existing passphrase, you must enter the old passphrase before you can enter a new
one.
To delete the master passphrase, leave the New and Confirm master passphrase fields blank.
Step 4 Click Apply.
When you click Apply, warning messages appear under the following conditions:
The Change the encryption master passphrase field is enabled, and the new master passphrase field
is empty. The no key configuration-key password-encrypt command is then sent to the device.
The old master passphrase does not match the hash value in the show password encryption
command output.
You use non-portable characters, particularly those with the high-order bit set in an 8-bit
representation.
A master passphrase and failover are in effect, then an error message appears in an attempt to remove
the failover shared key.
Encryption is disabled, but a new or replacement master passphrase is supplied. Click OK or Cancel
to continue.
If the master passphrase is changed in multiple security context mode.
If Active/Active failover is configured and the master passphrase is changed.
If any running configurations are configured so that their configurations cannot be saved to their
server, such as with context config-URLs that use HTTP or HTTPS and the master passphrase is
changed.
Disabling the Master Passphrase
Disabling the master passphrase reverts encrypted passwords into plain text passwords. Removing the
passphrase might be useful if you downgrade to a previous software version that does not support
encrypted passwords.
Prerequisites
Step 1 You must know the current master passphrase to disable it. If you do not know the passphrase, see the
“Recovering the Master Passphrase” section on page 17-7.In single context mode, choose
Configuration > Device Management > Advanced > Master Passphrase.
In multiple context mode, choose Configuration > Device Management > Device Administration >
Master Passphrase.
Step 2 Check the Advanced Encryption Standard (AES) password encryption check box.