New Member

GET VPN

Hi,

We are trying to deploy GET (Group Encrypted Tunnel) VPN in our lab and, in the process, we were able to set up a key server and 2 group members. In addition to that, we would like to know whether it's possible to configure the key server as a group member router as well.

Kindly let us know, if you have any answers related to it.

Thanking You

Regards

Anantha Subramanian Natarajan

12 REPLIES
New Member

Re: GET VPN

Hi

I think that's not an option with the current software.

L@rs

New Member

Re: GET VPN

Hi Lars,

Thank you very much. Is there any roadmap for the same in the upcoming IOS? Kindly let me know if you are aware of that.

Thanks

Regards

Anantha Subramanian Natarajan

New Member

Re: GET VPN

I thought I heard it is in the roadmap.

I believe the limitation at some level helps to protect the architecture by requiring the usage of a dedicated router in this first release. In a production environment you would want to avoid any unnecessary additional load/features running on the key server that may negatively impact the critical key server functions.

New Member

Re: GET VPN

Hi Gistem,

Thank you very much for the answer

Regards

Anantha Subramanian Natarajan

Cisco Employee

Re: GET VPN

Indeed, we (Cisco) intentionally wanted to separate the KS from the GM functionality. One of the primary reasons is to avoid the data plane (ESP) from affecting the control plane (IKE/GDOI). By moving the control plane off of the data plane path, we're able to scale to larger networks. There's nothing to preclude you from running the KS on a very small platform in the lab (say an 1800).

Scott Wainner

New Member

Re: GET VPN

Hi Scott,

Thanks... Great.

Regards

Anantha Subramanian Natarajan

Re: GET VPN

Hi Anantha Subramanian Natarajan,

Could you please provide me your complete lab configuration and setup diagram:

1. Key Server config

2. The 2 Group Members' config

+ a small diagram describing the setup.

Please attach them in the post or forward them to the e-mail ID:

itguruprasad@yahoo.com

Thanks in advance for the help.

Best Regards,

Guru Prasad R

New Member

Re: GET VPN

Hi Guru Prasad R,

I have sent the configs and a topology diagram for your reference. Let me know if you need any help on this which I would be able to help with.

Regards

Anantha Subramanian Natarajan

Re: GET VPN

Hi Anantha Subramanian Natarajan,

Have rated your post.

I received your config and topology digs and they were very helpful.

If I have any clarifications on the same, I will come back to you.

Thanks again for your help

Best Regards,

Guru Prasad R

New Member

Re: GET VPN

Hi Guru Prasad,

Thanks and no probs

Regards

Anantha Subramanian Natarajan

Cisco Employee

Re: GET VPN

The Key Server and Group Member functionality cannot be co-resident on the same platform.

New Member

Re: GET VPN

Thanks swainner
