— Digital certificates scale better than unique preshared keys because they allow any device to authenticate to any other device, but digital certificates do not have the security properties of wildcard keys. Digital certificates are not tied to IP addresses; instead, they are tied to unique, signed information on the device that is validated by the certificate authority (CA) of the enterprise.
— Consider using digital certificates if the size of the VPN grows beyond 20 devices, or sooner if there are requirements for strong device authentication.
— Ensure that devices generating digital certificates or validating received certificates during tunnel authentication and establishment have the correct time of day configured, preferably Coordinated Universal Time (UTC).
6-110 Securing Cisco Network Devices (SND) v2.0 © 2006 Cisco Systems, Inc.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.