Get VPN deployment issues

Unanswered Question
Aug 15th, 2010

Hi All,

I am wishing to deploy GET VPN to some segments of our private WAN (provider based MPLS).

At the moment it would initially be deployed to four routers than expanding from there.

The KS router which is hosted in our data center would be the keyserver however also I wish this to be a group member for traffic to pass through on one of the routers interfaces to a secured subnet.

Unfortunately due to the current design I only have 4 routers to work with and all 4 need to participate in GET VPN.

I have been able to setup and initate crypto sessions between the KS and GM (1) however when traffic is passed from GM (1) to the protected subnet hanging off KS I see the following in the GM (1) logs;

%CRYPTO-4-RECVD_PKT_NOT_IPSEC etc etc

The first point would be though can a KS also be a GM ? so that all 4 routers can exchange secured traffic.

Thanks in advanced.

Luke

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Luke Fuller Sun, 08/15/2010 - 15:53

Thought that would be the case.

What other alternatives would you recommend to encrypt the traffic from each router allowing any-any communication.

Luke

jan.nielsen Mon, 08/16/2010 - 09:49

Depends, if you need something easy for 4 sites do regular GRE/IPSEC, you will be doing more config, but it works for smaller environments, if you wanna go a little more advanced go with DMVPN, this will also be dynamic, so you don't need to build static any-any tunnels

Actions

This Discussion