Pre-shared keys (PSKs) for L2TP/IPsec are easy to configure, both on the VPN server and on all the VPN clients. However, the same PSK must be used for all remote VPN users for the IPsec part of their VPN connections. The use of the same PSK can be a problem-for example when VPN access needs to be revoked for a particular user. Although access can be revoked at higher-level user authentication, the user still has the IPsec PSK and can still establish an IPsec session, which may not be desirable. To prevent the establishment of an IPSec session, a new PSK needs to be configured on the VPN server and all VPN clients.