When setting up a site-to-site VPN, phase 1 of IKE includes the creation of a public/private key pair by Diffie-Hellman and then the exchange of public keys with the other end of the VPN tunnel. Once the public keys have been exchanged, a symmetric key is created from your private key and the public key you just received from the device at the other end of the VPN tunnel.
My question is this: "why is this done?"
Assuming you are using a pre-shared (symmetric) key, why go through all this to create another symmetric key? Why not just use the pre-shared key to encrypt/decrypt everything that goes into or comes out of the tunnel?
I'm sure there is a reason, but I have not been able to find a satisfactory explanation online. If there is a better group for me to post this to, please let me know.
TIA
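The phase 1 exchange the question describes, written out as an added example (this is editor-supplied code, not part of the original post or of any IKE implementation): both peers generate a Diffie-Hellman private value, swap public values, and each derives the same shared secret from its own private value and the peer's public value. The pre-shared key then enters only as the key of the PRF in the IKEv1 SKEYID derivation of RFC 2409 section 5 (SKEYID = prf(PSK, Ni | Nr), with SKEYID_d/a/e derived from SKEYID and g^xy). Assumptions: the modulus is a constructed demonstration group chosen for fast pure-Python arithmetic, not a real IKE group (real IKE uses the RFC 3526 MODP groups or ECDH groups); the PRF is fixed to HMAC-SHA256, whereas IKEv1 negotiates it; the PSK, nonces and cookies are generated inline.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration group: a Mersenne prime modulus picked only so that
# modular exponentiation is quick in pure Python. This is NOT an IKE group;
# real deployments use the RFC 3526 MODP groups or ECDH groups.
P = 2**521 - 1
G = 5
SECRET_BITS = 256          # private exponent size used in this demo
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbits(SECRET_BITS) | (1 << (SECRET_BITS - 1))  # full size, never 0
    return x, pow(G, x, P)


def dh_shared(private, peer_public):
    """g^xy mod p, big-endian encoded the way IKE carries it.

    Rejects the degenerate public values 0, 1 and p-1, which would force the
    shared secret into a tiny subgroup.
    """
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P).to_bytes(P_BYTES, "big")


def prf(key, data):
    # IKEv1 negotiates the PRF; HMAC-SHA256 is an assumption of this demo.
    return hmac.new(key, data, hashlib.sha256).digest()


def ikev1_psk_keys(psk, ni, nr, gxy, cky_i, cky_r):
    """SKEYID derivation for pre-shared-key authentication, RFC 2409 section 5."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def phase1_exchange(psk):
    """Run one phase 1 exchange; return the wire transcript and both sides' keys."""
    xi, gxi = dh_keypair()                    # initiator's private/public value
    xr, gxr = dh_keypair()                    # responder's private/public value
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)   # nonces
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # ISAKMP cookies
    # Everything below is what actually crosses the network.
    transcript = {"g^xi": gxi, "g^xr": gxr, "Ni": ni, "Nr": nr,
                  "CKY-I": cky_i, "CKY-R": cky_r}
    # Each side pairs its OWN private exponent with the PEER's public value.
    keys_i = ikev1_psk_keys(psk, ni, nr, dh_shared(xi, gxr), cky_i, cky_r)
    keys_r = ikev1_psk_keys(psk, ni, nr, dh_shared(xr, gxi), cky_i, cky_r)
    return transcript, keys_i, keys_r


def observer_skeyid(psk, transcript):
    """What a party holding the PSK plus the captured transcript can recompute.

    SKEYID needs only the PSK and the two nonces; SKEYID_d/a/e additionally need
    g^xy, which the transcript does not contain without one private exponent.
    """
    return prf(psk, transcript["Ni"] + transcript["Nr"])


if __name__ == "__main__":
    psk = b"constructed-demo-psk"
    transcript, keys_i, keys_r = phase1_exchange(psk)
    print("peers agree on all keys:", keys_i == keys_r)
    print("observer recomputes SKEYID:",
          observer_skeyid(psk, transcript) == keys_i["SKEYID"])
    print("SKEYID_e:", keys_i["SKEYID_e"].hex())
```

Running it twice with the same PSK produces different SKEYID_d/a/e, because fresh nonces and fresh DH values enter every exchange, while SKEYID itself is recoverable by anyone who knows the PSK and captured the nonces.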