Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

DMVPN security per spoke

Hello,

 

I currently have a DMVPN configuration with an isakmp key that is used for all spokes.  Is there a way to create a key per spoke or another method of configuring security per spoke so if someone leaves the company I can remove config from the HUB and they can no longer connect?

 

Thank you,

 

Scott

1 REPLY
VIP Purple

If your spokes have dynamic

If your spokes have dynamic IP addresses, you are out of luck with PSKs. In these scenarios, using certificates is the way to go. If your spokes have fixed IPs, you can configure the PSKs individually, but you lose spoke-to-spoke communication.

55
Views
0
Helpful
1
Replies
CreatePlease to create content