Summary


As the scale of enterprise-class IPSec VPN designs increases, so do the design challenges associated with the scalability and management of the overall architecture. In this chapter, we've introduced the use of a PKI as a centralized, scalable resource for key management in large-scale IPSec VPN deployments. The PKI lends an additional degree of security to the overall IPSec VPN architecture using a centralized, trusted resource (the PKI CA) to distribute public key certificates to each IPSec VPN gateway participating in the PKI. At this point, we have discussed how Cisco IPSec VPN gateways using RSA signatures for IKE Authentication authenticate and enroll with the CA of the PKI, obtain their public key certificates, and verify each other's public key certificates using several different design alternatives including:

  • Standalone CA deployments

  • CA deployments using one or more RAs

  • CA hierarchies using multiple CAs for redundancy

We have also covered the basics of using PKI technology with Cisco IPSec VPN endpoints, along with several design alternatives for deploying PKI resources. Using the concepts and design scenarios discussed in this chapter, a PKI should be evaluated as the design option of choice whenever an additional level of secure, scalable key management is required within an enterprise's IPSec VPN deployment.
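The following Cisco IOS configuration is an added illustration of the gateway-side steps the summary describes (enrolling a gateway with the PKI CA, obtaining its certificate, and switching IKE authentication to RSA signatures); it is not taken from the book. The hostname, domain, trustpoint name, enrollment URL, key label, peer address and the address ranges are all placeholder values chosen for this example.

```cisco
! Added example: one IPSec VPN gateway enrolling with the PKI CA over SCEP
! and authenticating IKE with RSA signatures. All names, addresses and the
! enrollment URL below are assumed placeholder values, not values from the book.
hostname vpn-gw-1
ip domain-name example.com
!
! Generate the gateway's RSA key pair that the CA will certify.
crypto key generate rsa general-keys modulus 2048 label VPN-GW-KEYS
!
! Trustpoint: where to enroll, which identity to request, and how to
! check revocation of the peer's certificate during IKE.
crypto pki trustpoint ENTERPRISE-CA
 enrollment url http://ca.example.com:80
 subject-name CN=vpn-gw-1.example.com,OU=VPN,O=Example
 rsakeypair VPN-GW-KEYS
 revocation-check crl
!
! Step 1 (privileged exec): retrieve the CA certificate and verify it before
! trusting it. Compare the fingerprint IOS prints with the value obtained
! out of band from the CA administrator.
!   crypto pki authenticate ENTERPRISE-CA
! Step 2 (privileged exec): request the gateway's own certificate from the CA.
!   crypto pki enroll ENTERPRISE-CA
!
! IKE policy selecting RSA signatures instead of pre-shared keys.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 14
!
crypto ipsec transform-set ESP-AES-SHA esp-aes 256 esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set ESP-AES-SHA
 match address VPN-TRAFFIC
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map VPN-MAP
```

The same trustpoint configuration covers the three design alternatives listed above: for a standalone CA the enrollment URL points at the CA itself, for an RA deployment it points at the RA that fronts the CA, and in a CA hierarchy the gateway authenticates the subordinate CA that issues its certificate and validates a peer's certificate chain up to the shared root. In every case the out-of-band fingerprint check during `crypto pki authenticate` is what anchors the gateway's trust, and `revocation-check crl` ensures a revoked peer certificate is rejected rather than silently accepted.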




IPsec Virtual Private Network Fundamentals
ISBN: 1587052075
Pages: 113

flylib.com © 2008-2017.