I've been advised by our security people that I have to use certificates rather than pre-shared keys for some IPsec connections I'm building to a third party (we're providing the router to both ends). We don't have a PKI infrastructure that would be accessible from the routers, but I can get signed certificates.
I'm not in favour of this as I don't see what security advantage there would be, but I probably will have to do it anyway.
I was hoping to use a VTI tunnel - has anyone got an example configuration I could look at? I can't find any on the Cisco website.