We are planning to implement GET VPN in our organization and are collecting and placing the pieces required to carry out the GET VPN implementation, and I have a question regarding this.
Do we really need a dedicated Key Server? I mean, I know that the Key Server can't be a group member, but here is my question. I have a router which is configured for some Voice Features, and I don't want this to be a member of my GET VPN infrastructure (but it will be on the network and accessible at remote locations and offices). So can this router be configured as the Key Server and still perform other services like voice features or other stuff? I really need to know if this can work.
I would really appreciate a quick and exact answer as this forum is my last resort. Thanks in advance.
You definitely need a Key Server, as that is the router which is going to push the security policies to the Group members. But it can't be part of the IPsec connections, i.e., not a Group member.
You can run other services and features on that router. But it should not affect the ISAKMP and GDOI traffic from the Group Members.