CCSP Cisco Secure VPN Exam Certification Guide
Chapter 4, Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
This excerpt is reprinted with permission from Cisco Press. For more information or to order the book, visit the Cisco Press Web site.
From a procedural perspective, it is easier to configure the Cisco VPN 3000 Concentrator Series for remote access using preshared keys. While the alternative method is to use the services of a Certificate Authority (CA), that method entails additional steps. Using preshared keys, the client only needs to know the address of the VPN concentrator and the shared secret key.
While VPN configuration is relatively easy with preshared keys, this manual process does not scale well for large implementations. The VPN administrator must provide the password and implementation instructions to prospective users. This could be accomplished by preconfiguring client software on a floppy disk or CD-ROM, but even that process can be labor intensive in large implementations.
Once all of your users have successfully configured their remote systems with the current shared key, the process of changing passwords periodically, as every good security plan requires, would require notifying all users of the new password and providing modification instructions. You can imagine how it would be easy to forget about this important security consideration.
While scaling VPN implementations can be better handled by using CA support and digital certificates, preshared keys are easy to implement and can be used in many applications. This chapter discusses the process of implementing Internet Protocol Security (IPsec) using preshared keys on the Cisco VPN 3000 Series Concentrators. The clever graphical user interface (GUI) makes the implementation process easy.
Exam Topics Discussed in This Chapter
This chapter covers the following topics, which you need to master in your pursuit of certification as a Cisco Certified Security Professional:
9 Overview of remote access using preshared keys
10 Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
11 Browser configuration of the Cisco VPN 3000 Concentrator Series
12 Configuring users and groups
13 Advanced configuration of the Cisco VPN 3000 Concentrator Series
14 Configuring the IPsec Windows Client
This chapter is posted in full as a pdf file. To continue reading, click here.
Dig Deeper on Network Access Control