The most suitable IPSec peer authentication for enterprise.

ccie16351
Level 1

Hi,

We are considering IPSec deployment to all peers in an enterprise network. What worries me about pre-shared keys for peer authentication is scalability, but I do not see any way out, since all Cisco routers I am aware of do not maintain the clock, so using PKI/CA is not an option.

The question is: are you aware of a way to have a Cisco router save the clock across a power reset, or any other way out?

Appreciate your input.

Sami

1 Reply

vkapoor5
Level 5

When specifying the host name of a remote IPSec peer via the set peer command, you can also issue the dynamic keyword, which defers DNS resolution of the host name until right before the IPSec tunnel has been established. Deferring resolution enables the Cisco IOS software to detect whether the IP address of the remote IPSec peer has changed. Thus, the software can contact the peer at the new IP address. If the dynamic keyword is not issued, the host name is resolved immediately after it is specified. So, the Cisco IOS software cannot detect an IP address change and, therefore, attempts to connect to the IP address that it previously resolved. DNS resolution assures users that their established IPSec tunnel is secure and authenticated.
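As an added illustration of the behaviour described in the reply above (this is a constructed example, not configuration from the original post or from Cisco documentation), here is an IOS crypto map that refers to the remote peer by host name with the dynamic keyword, together with a pre-shared key bound to that host name. The host name branch1.example.net, the addresses, the access list number and the key string are placeholders.

```cisco
! Constructed example: host name, addresses and key are placeholders.
! The router needs working DNS for host-name peers.
ip domain lookup
ip name-server 192.0.2.53

! IKE phase 1 policy using pre-shared key authentication
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2

! Pre-shared key bound to the peer's host name rather than to a fixed
! IP address, so the key still matches after the peer's address changes.
! The remote router must send its host name as its IKE identity
! (crypto isakmp identity hostname on that side).
crypto isakmp key EXAMPLE-KEY hostname branch1.example.net

crypto ipsec transform-set TS esp-aes esp-sha-hmac

crypto map VPN 10 ipsec-isakmp
 ! "dynamic" defers DNS resolution of the host name until the tunnel is
 ! brought up, so a changed peer address is picked up. Without it the
 ! name is resolved once, when this line is entered, and the router keeps
 ! trying the previously resolved address.
 set peer branch1.example.net dynamic
 set transform-set TS
 match address 101

! Traffic to protect: local 10.1.0.0/16 to remote 10.2.0.0/16
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255

interface GigabitEthernet0/0
 crypto map VPN
```

The one-line difference is the trailing dynamic keyword on set peer; the rest of the map is the same whether the peer is named by address or by host name. Binding the pre-shared key to the host name (rather than to an address) is what keeps phase 1 working after the peer's address moves, since the key lookup no longer depends on the resolved IP.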