Cisco Support Community
New Member

Pre-share vs PKI

Can anyone give some advice on when to use preshare or manual PKI, and whether it is better to implement PKI from day one for site-to-site VPN connections? Also, any recommendations on a PKI solution that is easy to implement and manage? Our clients typically have three to ten remote sites. Any experience/advice gratefully received.

New Member

Re: Pre-share vs PKI

If the site-to-site traffic is occurring in a completely trusted and isolated environment, then preshare keys would be an option. However, if the users are working from remote sites and travelling in untrusted territory, then, IMHO, PKI is the only way to go from day one. The Cisco solution is easier than most to manage. You can use an ini file to distribute most information required to configure the VPN client seamlessly.

Hope this helps.

New Member

Re: Pre-share vs PKI

1. The original question is about site-to-site and not remote access. So, I guess the access is from their branch offices only.

2. The ini file is for remote access VPN clients, i.e., clients who are typically coming into the network through dial-ups etc.

3. To answer the specific query:

If you think the number of locations will remain constant over the next two years or so, go for pre-shared key. Else PKI.
