I am wishing to deploy GET VPN to some segments of our private WAN (provider based MPLS).
At the moment it would initially be deployed to four routers than expanding from there.
The KS router which is hosted in our data center would be the keyserver however also I wish this to be a group member for traffic to pass through on one of the routers interfaces to a secured subnet.
Unfortunately due to the current design I only have 4 routers to work with and all 4 need to participate in GET VPN.
I have been able to setup and initate crypto sessions between the KS and GM (1) however when traffic is passed from GM (1) to the protected subnet hanging off KS I see the following in the GM (1) logs;
%CRYPTO-4-RECVD_PKT_NOT_IPSEC etc etc
The first point would be though can a KS also be a GM ? so that all 4 routers can exchange secured traffic.
Thanks in advanced.