Guys, I have a global financial company that is upgrading their core data infrastructure (bunch of 7200s and 6509s, etc.), opening up 150 remote locations over the next few years, going all IP telephony with Call Managers and now wants to encrypt ALL traffic to all sites. I know site-to-site VPNs can be achieved with keys configured in the crypto maps in IOS, but what if someone compromises the key on the IOS? I, or my client, if we even knew the key was stolen, would have to update all the routers across the network.
What options do you recommend for using certificate servers to distribute keys instead? What problems have you encountered with this? Would it be easier to just have the client update the keys once a month via CiscoWorks?

--
RFC 1149 Compliant
Get in my head: http://sar.dynu.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42661&t=42661