ISAKMP/IKE Phase 1 Device Authentication

Because the configuration of device authentication can be complex, at least when it comes to RSA encrypted nonces and especially digital certificates, I’ve separated the configuration process for authentication from the ISAKMP/IKE Phase 1 policy configuration and will cover it in its own section.

Note that Cisco routers support three methods of authenticating IPsec devices (peers): pre-shared keys, RSA encrypted nonces, and RSA signatures (digital certificates). The following sections will discuss the configuration of these authentication methods.

ISAKMP/IKE Identity Type

Before I discuss the three ways of configuring device authentication, I first need to discuss the use of a router’s identity type. ...
