We are in the process of designing a GET VPN solution. Each client A,B,C has an HO and DR. A-HO,B-HO,C-HO are inter-connected same with A-DR,B-DR,C-DR. Naturally bet. HO & DR are connected as well. Assuming client A-HO will be the HUB for B-HO & C-HO and A-DR will be the HUB for B-DR & C-DR, based on the doc I have read we can deploy Key Server 1 in A-HO and Key Server 2 A-DR.
Q1. Is it required to deploy Group Member Router to A-HO and A-DR along with Key Server? Can the Key Server will be the Group-Member as well?
Q2. Is there any license required to enable the redundancy on Key Servers on the same site?
Q3. If the Key Servers are in A-HO and A-DR will it require a license?
Q4. Is it possible to deploy a redundant Group-Member? For Active-Standby scenario, will it interrupt the tunnel the moment it will switch-over?
Does anyone here in the forum who can guide me the basic configuration based on the enterprise network not within an isp (example given here was based on bgp). I started my practice lab w/3 routers and L3 switch.
Assuming I don't have the PKI and AAA servers, will it be sufficient enough?
Thanks for your reply. What about the PKI server is it really a must to include in the get vpn deployment? or this is only for RA (Registration Authority) purpose? If it is, can we enable PKI server on the same Key Server?
What abt the Management GW, can I include this task in the Group Member of the hub network? or it's also required to have a separate router to form the management tunnel?
Hope someone from this forum could help me to clarify these issues.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :