Configuring IPSec for RSA-Encrypted Nonces

This section provides a brief overview of configuring IPSec for RSA-encrypted nonces.

RSA-encrypted nonces provide a strong method of authenticating the IPSec peers and the DH key exchange. RSA-encrypted nonces provide repudiation—a quality that prevents a third party from being able to trace your activities over a network. A drawback is that they are somewhat more difficult to configure and, therefore, more difficult to scale to a large number of peers. RSA-encrypted nonces require that peers possess each other's public keys but do not use a CA. Instead, there are two ways for peers to get each other's public keys:

  • You manually configure and exchange RSA keys.

  • You use RSA signatures previously used during ...
