Certificate Authority (CA) Support
Now that you have covered the configuration steps and troubleshooting of a simple IOS-to-IOS and PIX-to-PIX VPN using preshared keys, this section moves on to using the same configurations to introduce the use of a CA. IKE phase 1 can be carried out using either preshared keys or a CA. In the previous sections, you configured IKE phase 1 using preshared keys. In this section, you will look at using a CA and RSA certificates to implement IKE phase 1.
In this section, you will follow a setup similar to what you might find in the CCIE Security lab exam. This setup involves using Microsoft 2000 CA Server with Simple Certificate Enrollment Protocol (SCEP) enabled. You will learn about a simple IOS-to-IOS VPN and ...
Get CCIE Practical Studies: Security (CCIE Self-Study) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
