Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
1
Replies

Using PKI for Authentication only

Brian Green
Level 1
Level 1

‎09-23-2015 06:38 AM

Hello,

 

We are looking to use PKI in our DMVPN config, but I wanted to ask - can the certs be used just for authentication and not encryption?  We have traffic encryptors outside the DMVPN tunnel so we wouldn't need to double-encrypt the traffic and wanted to reduce the load on the routers (if we can).

 

Thanks,

 

Brian

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-28-2015 05:26 AM

Brian, 

 

The certs (actually RSA sig) are only used to authenticate IKE exchange. The key material used for encryption/decryption is different. 

 

Additionally most new Cisco routers have an onboard crypto acceleration chip handling encryption and decryption processes. 

 

M. 

0 Helpful
Customers Also Viewed These Support Documents