×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

DMVPN security per spoke

Unanswered Question
Nov 14th, 2014
User Badges:

Hello,

 

I currently have a DMVPN configuration with an isakmp key that is used for all spokes.  Is there a way to create a key per spoke or another method of configuring security per spoke so if someone leaves the company I can remove config from the HUB and they can no longer connect?

 

Thank you,

 

Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Karsten Iwen Fri, 11/14/2014 - 14:17
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

If your spokes have dynamic IP addresses, you are out of luck with PSKs. In these scenarios, using certificates is the way to go. If your spokes have fixed IPs, you can configure the PSKs individually, but you lose spoke-to-spoke communication.

Actions

This Discussion