I currently have a DMVPN configuration with an isakmp key that is used for all spokes. Is there a way to create a key per spoke or another method of configuring security per spoke so if someone leaves the company I can remove config from the HUB and they can no longer connect?
If your spokes have dynamic IP addresses, you are out of luck with PSKs. In these scenarios, using certificates is the way to go. If your spokes have fixed IPs, you can configure the PSKs individually, but you lose spoke-to-spoke communication.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
