GET VPN clarification

Unanswered Question
Feb 26th, 2007


We are in the process of designing a GET VPN solution. Each client A,B,C has an HO and DR. A-HO,B-HO,C-HO are inter-connected same with A-DR,B-DR,C-DR. Naturally bet. HO & DR are connected as well. Assuming client A-HO will be the HUB for B-HO & C-HO and A-DR will be the HUB for B-DR & C-DR, based on the doc I have read we can deploy Key Server 1 in A-HO and Key Server 2 A-DR.

Q1. Is it required to deploy Group Member Router to A-HO and A-DR along with Key Server? Can the Key Server will be the Group-Member as well?

Q2. Is there any license required to enable the redundancy on Key Servers on the same site?

Q3. If the Key Servers are in A-HO and A-DR will it require a license?

Q4. Is it possible to deploy a redundant Group-Member? For Active-Standby scenario, will it interrupt the tunnel the moment it will switch-over?

Appreciate if you could clarify these issues.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dsweeny Fri, 03/02/2007 - 12:35

I think you mean Key server as authentication server. Ya, it is possble for make the device at HQ to be used for user authentication purpose.

dondongamo Mon, 03/05/2007 - 05:17


Does anyone here in the forum who can guide me the basic configuration based on the enterprise network not within an isp (example given here was based on bgp). I started my practice lab w/3 routers and L3 switch.

Assuming I don't have the PKI and AAA servers, will it be sufficient enough?

Any info is highly appreciated. TIA.

dondongamo Wed, 03/07/2007 - 11:56

Thanks for your reply. What about the PKI server is it really a must to include in the get vpn deployment? or this is only for RA (Registration Authority) purpose? If it is, can we enable PKI server on the same Key Server?

What abt the Management GW, can I include this task in the Group Member of the hub network? or it's also required to have a separate router to form the management tunnel?

Hope someone from this forum could help me to clarify these issues.



This Discussion