Create Site to Site VPN
Pre-Shared Key
Note
Digital Certificate
Note
Cisco Router and Security Device Manager Version 2.2 User's Guide
8-50
Click this button if the VPN peers use a pre-shared key for authentication and then
enter the
pre-shared
key, and then reenter it for confirmation. Exchange the
pre-shared key with the administrator of the remote site through some secure and
convenient method, such as an encrypted e-mail message. Question marks (?) and
spaces must not be used in the pre-shared key.
The characters that you enter for the pre-shared key are not displayed in the
•
field as you enter them. You may find it helpful to write down the key before
you enter it so that you can communicate it to the administrator of the remote
system.
Pre-shared keys must be exchanged between each pair of IPSec peers that
•
need to establish secure tunnels. This authentication method is appropriate
for a stable network with a limited number of IPSec peers. It may cause
scalability problems in a network with a large or increasing number of IPSec
peers.
Click this button if the VPN peers will use digital certificates for authentication.
The router must have a digital certificate issued by a Certificate Authority to
authenticate itself. If you have not configured a digital certificate for the router,
go to VPN components, and use the Digital Certificate wizard to enroll for a
digital certificate.
If you are authenticating using digital certificates, the VPN tunnel might not be
created if the CA server contacted during IKE negotiation is not configured to
respond to Certificate Revocation List (CRL) requests. To correct this problem,
go to the Digital Certificates page, select the configured trustpoint, and select
None for Revocation.
Chapter 8
Site-to-Site VPN
OL-4015-08