08-29-2010 11:07 PM - edited 03-04-2019 09:35 AM
Hello to the community!
We have deployed GETVPN with 4 KS (1 primary, 3 coop) in the same location. My understanding was that even though one GM could register to any of the KS (according to the order in which they have been configured on the GM), the ACL would always be downloaded from the primary KS. In practice I have seen that sometimes the GM registers to a KS and also gets its ACL from the same KS. Is there something I am missing or is this expected behaviour?
Thank you in advance
Katerina
08-30-2010 10:57 AM
Hi Katerina,
I think the policy ACL is downloaded from the registered KS, but the ACL was pushed from the primary KS. Not sure if you can run a simple test in your network. Let's make some policy changes only on the primary KS; that should trigger a rekey to all GMs. After the rekey, we check the downloaded ACL on the GMs to see if it is the new policy ACL (only on the primary KS) or the old policy ACL (on the secondary KS).
Regards,
Lei Tian