I total agree with you, to many sites, to many worries, to many configurations......CA will be your answer....
Juan Blanco -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Sent: Monday, September 02, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: Re: 150 site, site-to-site VPN [7:42661] I think you're tlking about pre-shared keys, the other option is to use public and private keys with either an outside thrid party or a certificate authority yourself. ""Steven A. Ridder"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys, > > I have a global financial company that is upgrading their core data > infrastructure (bunch of 7200's and 6509's, etc), opening up 150 remote > locations over the next few years, going all IP telephony with Call Mangers > and now wants to encrypt ALL traffic to all sites. I know site-to -site > VPN's can be achieved with key's configured in the crypto maps in IOS, but > what if someone compromises the key on the IOS. I, or my client, if we even > knew the key was stolen, would have to update all the routers across the > network. > > What options do you recommend for using certificate servers to distribute > keys instead? What problems have you encountered with this? Would it be > easier to just have the client update the key's once a month via CiscoWorks? > > -- > RFC 1149 Compliant > > Get in my head: > http://sar.dynu.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52548&t=42661 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
