
manual key VPNs, IKE can change the key automatically at a specified interval.This is
seen as a significant security enhancement over that of manual key VPNs. We will dis-
cuss the use of pre-shared secrets later in this chapter.
IKE can also use digital certificates. During IKE negotiation, both sides generate
public and private key pairs, and acquire a digital certificate. If the issuing certificate
authority is trusted by both parties, the participants can verify their peer’s signature
by retrieving the peer’s public key.
There are also several other benefits of using IKE over the use of a manual key
VPN. IKE eliminates the need to manually specify the ...