>IMO the easiest way to set up VPN access using Secure Client is with a
>pre-share; have the client initiate the key exchange and ditch the
>notion of using a server as CA. Use a nice alphanumeric sequence of 18
>characters or more on both ends; though it requires individual config on
>the client side it obviates the need for another box on your network.
>
>GWA

I don't disagree that preshared keys (not just for IPsec, but also
SSL/TLS) are straightforward. In smaller networks, they are exactly
what I used between routers. The biggest issue is scalability; the
administration becomes horrendous when you have any appreciable
number of keys.

Another consideration is whether your main goal is confidentiality
and/or authentication. Authentication requirements push things even
more in the direction of CA and an AAA server.
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]