
Get VPN deployment issues

Unanswered Question
Aug 15th, 2010

Hi All,


I am wishing to deploy GET VPN to some segments of our private WAN (provider based MPLS).


At the moment it would initially be deployed to four routers, then expanding from there.


The KS router, which is hosted in our data center, would be the keyserver; however, I also wish this to be a group member for traffic to pass through on one of the router's interfaces to a secured subnet.


Unfortunately due to the current design I only have 4 routers to work with and all 4 need to participate in GET VPN.


I have been able to set up and initiate crypto sessions between the KS and GM (1); however, when traffic is passed from GM (1) to the protected subnet hanging off KS I see the following in the GM (1) logs:


%CRYPTO-4-RECVD_PKT_NOT_IPSEC etc etc


The first point would be, though: can a KS also be a GM, so that all 4 routers can exchange secured traffic?


Thanks in advance.


Luke

jan.nielsen Sun, 08/15/2010 - 11:54

According to Cisco, the KS can't be a GM as well.


jan

Luke Fuller Sun, 08/15/2010 - 15:53

Thought that would be the case.


What other alternatives would you recommend to encrypt the traffic from each router, allowing any-any communication?



Luke

jan.nielsen Mon, 08/16/2010 - 09:49

Depends. If you need something easy for 4 sites, do regular GRE/IPSEC; you will be doing more config, but it works for smaller environments. If you wanna go a little more advanced, go with DMVPN; this will also be dynamic, so you don't need to build static any-any tunnels.
