On Tue, 1 Nov 2011, Yoav Nir wrote:
You could use "local subnet" and "remote subnet"?
It's not necessarily a single subnet. It could be an entire corporate LAN
with multiple subnets.
Adding an "s" was left as an exercise for the reader?
Raw RSA keys work. If there is an introducer that tells both sides about
each other, a shared secret also works. Shared secrets are very secure if
you generate them randomly.
PSKs have problems when trying to distinguish multiple road warriors with
different PSKs using Main Mode in IKEv1. You also cannot advertise them in
DNS or elsewhere for large scale no-configuration deployments :P
Paul