Virtual private network (VPN) Internet Protocol security (IPsec) certificates are used in three situations, described in this topic.
If you are using IPsec tunnel mode to establish a site-to-site VPN connection, you can use an IPsec certificate or a preshared key for tunnel encryption. For security reasons, we recommend that you use a privately issued certificate (from your local certification authority) in this situation. You will be prompted to select a certificate from the local computer store of the ISA Server computer or array.
If your site-to-site VPN connection is made using Layer Two Tunneling Protocol (L2TP) over IPsec, you can use a computer certificate or a preshared key. For security reasons, we recommend that you use a privately issued certificate (from your local certification authority) in this situation.
For VPN clients, if you enable L2TP over IPsec, you can use a computer certificate or a preshared key. For security reasons, we recommend that you use a privately issued certificate (from your local certification authority) in this situation. If you choose to use a preshared key, you can configure it in General VPN Configuration, on the Authentication tab.
Notes