This command will show you the pre-shared-key configured on your ASA
more system:run | be tunnel-group ip.add.re.ss
there are 4 steps involved in this :
1. enable command authorization ( LOCAL in this case means , keep the command authorization configuration on the firewall ) :
aaa authorization command LOCAL
2. define commands you want to use on a certain level, for example these commands will enable a user in privilege level 5 to view and clear crypto tunnels
privilege show level 5 command crypto
privilege clear level 5 command crypto
3. create a user and assign the privilege level to her/him :
username userName password userPass privilege 5
4. create an enable password for the new privilege level :
enable password enablePass level 5
now when the user logs in she/he can type :
enable 5
enter the password from step for and they will be able to run the above crypto commands.
here’s a link to the cisco KB.
install resolvconf :
sudo apt-get install resolvconf
add to your openvpn client config :
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Small reminder as I always tend to forget these :
Dump the CRM cib db :
cibadmin -Q > cib.backup.xml
Modify a resource , dump the cib, modify the xml for the resources and then import using cibadmin -M
cibadmin -V -M -o resources -x modified_resources.xml
Add a resource , create the xml for the resource and them use -C
cibadmin -V -C -o resources -x new_resource.xml
Move resource from one location to another, -f to force it …
crm_resource -M -r resource -H host
crm_resource -M -r resource -H host -f
