PKI Service for Large Scale IPSec Aggregation
Source: Cisco Systems
There are two methods to deploy authentication for VPN technologies: pre-shared keys (PSK) and Public Key Infrastructure (PKI). Pre-shared keys are easy to deploy and highly scalable, but become very difficult to manage. In a pre-shared key environment, any VPN peer that knows the password can establish a VPN session to the headend. Moreover, if there are multiple headends, the passwords must be synchronized between the headends, which makes them inherently more difficult to manage.