cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1236
Views
5
Helpful
3
Replies

DMVPN USING RSA Encryption

Robby Prasetyo
Level 1
Level 1

Dear Guys..

 

Curently we deploy DMVPN Hub-Spoke from HQ to all of branches using Pre shared keys for the authentication method. We plan to change using RSA encryption for AUTH.  Do anybody have doc to deploy DMVPN using RSA Encryption...? 

 

Thanks & Regards

 

Robby

 

 

 

3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Robby,

 

Truth be told, authentication method is agnostic of what you're transporting over (in this case GRE).

Any example with IKEv1 and rsa-encr should be good enough. 

 

However that being said, I'm not aware of any NEW deployments that would be using rsa-encr for authentication, I've seen only a couple legacy deployments. 

What's the reason to go for it? Most of the people will move to certificates and rsa-sig ... it's more manageable and provides more options. 

M. 

Dear Marcin,,

 

Thanks for the response...for Certificates..and rsa Sig...it doesn't need purchase any license .right? can be generate in our HUB Router ?  

Hi, Robby.

 

Sure, you don't need any additional liceses to change auth method from PSK to Certificates. And, yes, you can use your HUB Router as Certificate Authority (CA) and issue certificates for SPOKES.

I believe, this link can help you:

http://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/117688-config-dmvpn-00.html