Routers as Certificate Authorities
Summary
This chapter showed you the basics of setting up ISAKMP/IKE Phase 1. The defining of the policy statements on a router is straightforward. With three types of device authentication to choose from, pre-shared keys is the simplest to configure but scales the least; certificates are the hardest to implement, but scale the best. And with the ability of a Cisco router to function as a CA, you can deploy certificate services easily using existing equipment.
Next up is Chapter 17, "Router Site-to-Site Connections," where I show you how to configure your router to establish various types of site-to-site sessions with remote peers, covering topics such as static and dynamic crypto maps, the Tunnel Endpoint Discovery (TED) protocol, dynamic multipoint VPNs (DMVPNs), and many others.