What two options are available to use for authentication policy in configuring IPsec on a Cisco IOS firewall? Which do you believe is more secure? Why?
Solution
When configuring IPsec on a Cisco IOS firewall, there are three policies to which an authentication policy has to be applied:
Internet Key Exchange proposal policy
IPsec proposal policy
For both policies, we can use either of the two authentication methods given below:
Preshared key - a secret key is shared between the two peers that are to authenticate each other. It has to be configured on each device.
Certificates - here the RSA algorithm generates key pairs, which are used to sign and encrypt the messages of the IKE policy. A certificate authority (CA) provides a certificate to each IPsec network device when that device registers with the CA, which enables authentication.
Certificates are more secure in my view because they are not manually configured like preshared keys.
Also, certificates are maintained centrally by the CA, not by humans, who are not reliable.
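
The two authentication options as they appear in a Cisco IOS IKE (ISAKMP) policy, shown side by side. This is an added example, not part of the original answer. The peer address, key placeholder, trustpoint name, key label, subject name and CA URL are constructed values.

```cisco
! --- Option 1: preshared key -------------------------------------------
! The same secret must be typed on both peers; rotating it means
! touching every device that shares it.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 group 14
 authentication pre-share
! Constructed peer address (documentation range) and placeholder key.
crypto isakmp key <PRESHARED-KEY-PLACEHOLDER> address 203.0.113.2

! --- Option 2: certificates (RSA signatures) ---------------------------
! The device generates its own RSA key pair; the private key never
! leaves the router.
crypto key generate rsa general-keys label VPN-KEY modulus 2048
!
! Constructed trustpoint pointing at a hypothetical CA enrollment URL.
crypto pki trustpoint EXAMPLE-CA
 enrollment url http://ca.example.com:80
 subject-name CN=fw1.example.com
 rsakeypair VPN-KEY
 ! Reject peers whose certificate the CA has revoked.
 revocation-check crl
!
! Fetch and verify the CA certificate, then register this device with the CA.
crypto pki authenticate EXAMPLE-CA
crypto pki enroll EXAMPLE-CA
!
crypto isakmp policy 20
 encryption aes 256
 hash sha256
 group 14
 ! Peers prove identity with an RSA signature checked against the CA.
 authentication rsa-sig
```

With the certificate option, removing a peer is a revocation at the CA rather than a key change on every remaining device, which is why `revocation-check` is set on the trustpoint.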
