It’s well known that to recover VPN passwords for L2L tunnels you can copy the config to a TFTP server and view the configuration to retrieve the passwords. That works just fine….until you’re remotely working on an ASA and don’t have access to a TFTP server. Well, there is another way. Use the more command to view the running config. It will “decrypt” the VPN passwords!
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key *****
more system:running-config
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key MySeCrEtVpNkEy