Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys

From a procedural perspective, it is easier to configure the Cisco VPN 3000 Concentrator
Series for remote access using preshared keys. While the alternative method is to use
the services of a Certificate Authority (CA), that method entails additional steps. Using
preshared keys, the client only needs to know the address of the VPN concentrator and
the shared secret key.
While VPN configuration is relatively easy with preshared keys, this manual process does
not scale well for large implementations. The VPN administrator must provide the password
and implementation instructions to prospective users. This could be accomplished by
preconfiguring client software on a floppy disk or CD-ROM, but even that process can be
labor intensive in large implementations.
Once all of your users have successfully configured their remote systems with the current
shared key, the process of changing passwords periodically, as every good security plan
requires, would require notifying all users of the new password and providing modification
instructions. You can imagine how it would be easy to forget about this important security
consideration.
While scaling VPN implementations can be better handled by using CA support and digital
certificates, preshared keys are easy to implement and can be used in many applications.
This chapter discusses the process of implementing Internet Protocol Security (IPSec)
using preshared keys on the Cisco VPN 3000 Series Concentrators. The clever graphical
user interface (GUI) makes the implementation process easy.