Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 11 Site-to-Site VPN
Create Site to Site VPN
Enter the pre-shared key, and then reenter it for confirmation. Exchange the
pre-shared key with the administrator of the remote site through some secure and
convenient method, such as an encrypted e-mail message. Question marks (?) and
spaces must not be used in the pre-shared key. The pre-shared key can contain a
maximum of 128 characters.
Note The characters you enter for the pre-shared key are not displayed in the field
as you enter them. You may find it helpful to write down the key before you
enter it so that you can communicate it to the administrator of the remote
system.
Pre-shared keys must be exchanged between each pair of IPSec peers that
need to establish secure tunnels. This authentication method is appropriate
for a stable network with a limited number of IPSec peers. It may cause
scalability problems in a network with a large or increasing number of IPSec
peers.
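The following is an added example, not part of the Cisco guide or of SDM: a Python sketch that generates random pre-shared keys obeying the rules stated above (no question marks or spaces, at most 128 characters), checks a candidate key against those rules, and produces one key per pair of peers to show how the key count grows. The function names, the 32-character default length and the peer names are assumptions made for illustration.

```python
import secrets
import string
from itertools import combinations

MAX_PSK_LEN = 128       # maximum length stated in the guide
FORBIDDEN = set("? ")   # question marks and spaces must not be used

# Candidate characters: ASCII letters, digits and punctuation minus the forbidden set.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in FORBIDDEN
)


def validate_psk(key):
    """Return a list of rule violations; an empty list means the key is acceptable."""
    problems = []
    if not key:
        problems.append("key is empty")
    if len(key) > MAX_PSK_LEN:
        problems.append(f"key has {len(key)} characters, maximum is {MAX_PSK_LEN}")
    for ch in sorted(FORBIDDEN & set(key)):
        problems.append(f"key contains forbidden character {ch!r}")
    return problems


def generate_psk(length=32):
    """Generate a random key from the OS CSPRNG (32-character default is an assumption)."""
    if not 1 <= length <= MAX_PSK_LEN:
        raise ValueError(f"length must be between 1 and {MAX_PSK_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keys_for_full_mesh(peers, length=32):
    """One distinct key per unordered pair of peers: n*(n-1)/2 keys in total."""
    return {pair: generate_psk(length) for pair in combinations(sorted(set(peers)), 2)}


if __name__ == "__main__":
    # Constructed peer names, for illustration only.
    mesh = keys_for_full_mesh(["hq", "branch-a", "branch-b", "branch-c"])
    print(f"{len(mesh)} keys needed for 4 peers")
    for candidate in ("Bad key?", "x" * 129, generate_psk()):
        print(len(candidate), validate_psk(candidate) or "ok")
```

Four fully meshed peers already need six separate keys, and ten peers need 45, which is the scalability limit the paragraph above describes.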
Digital Certificate
Click this button if the VPN peers will use digital certificates for authentication.
Note The router must have a digital certificate issued by a Certificate Authority to
authenticate itself. If you have not configured a digital certificate for the router,
go to VPN components, and use the Digital Certificate wizard to enroll for a
digital certificate.
Traffic to Encrypt
If you are configuring a Quick Setup site-to-site VPN connection, you need to
specify the source and destination subnets in this window.
Source
Choose the interface on the router that will be the source of the traffic on this VPN
connection. All traffic coming through this interface whose destination IP address
is in the subnet specified in the Destination area will be encrypted.