ISAKMP/IKE Phase 1 Device Authentication
Configuring device authentication can be complex, particularly for RSA encrypted nonces and especially for digital certificates, so I’ve separated it from the ISAKMP/IKE Phase 1 policy configuration and cover it in its own section.
Note that Cisco routers support three methods of authenticating IPsec devices (peers): pre-shared keys, RSA encrypted nonces, and RSA signatures (digital certificates). The following sections discuss the configuration of these authentication methods.
ISAKMP/IKE Identity Type
Before I discuss the three ways of configuring device authentication, I first need to discuss the use of a router’s identity type. ...