Re: pre-shared key vs certificate is which best and why
From a security point of view, using a CA server and certificates will add more security to your VPN network, that is for sure. A certificate has much longer public and private keys than a pre-shared key. A certificate is not easy to export; once the laptop has been stolen, you can revoke the certificate from the Cert server.
If you are using a pre-shared key, you need to change the group password on all the other PCs in case someone gets the group password from the stolen PC.
If you have more than 10 LAN to LAN sites, using certificates can make the configuration simpler, because you do not need to configure pre-shared keys for each site. Use the same Cert server and enroll all the routers to it, then it will be done.
From the remote access point of view, you need to enroll all your clients (depending on username or PC); each client will have one certificate. If you have several hundred users, that will increase your workload for sure.