Digital Certificate Support Introduction

You have the choice of three authentication methods when implementing IPSec. The previous method discussed was preshared keys, which are great for a small environment. However, preshared keys are not a scalable solution. Imagine having to change the preshared key on 500 virtual private network (VPN) software clients and 50 site-to-site tunnels on a frequent schedule. I think you get the picture: as the size of the IPSec implementation increases, the desirability of preshared keys decreases.

The scalable alternative to preshared keys is to use digital certificates for authentication. To use digital certificates, you need to perform a few more configurations than you would for preshared keys; however, the ...

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
