It’s well known that to recover VPN passwords for L2L tunnels you can copy the config to a TFTP server and view the configuration to retrieve the passwords. That works just fine….until you’re remotely working on an ASA and don’t have access to a TFTP server. Well, there is another way. Use the more command to view the running config. It will “decrypt” the VPN passwords!

tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key *****

more system:running-config

tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key MySeCrEtVpNkEy