Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GET VPN clarification

Hi,

We are in the process of designing a GET VPN solution. Each client A,B,C has an HO and DR. A-HO,B-HO,C-HO are inter-connected same with A-DR,B-DR,C-DR. Naturally bet. HO & DR are connected as well. Assuming client A-HO will be the HUB for B-HO & C-HO and A-DR will be the HUB for B-DR & C-DR, based on the doc I have read we can deploy Key Server 1 in A-HO and Key Server 2 A-DR.

Q1. Is it required to deploy Group Member Router to A-HO and A-DR along with Key Server? Can the Key Server will be the Group-Member as well?

Q2. Is there any license required to enable the redundancy on Key Servers on the same site?

Q3. If the Key Servers are in A-HO and A-DR will it require a license?

Q4. Is it possible to deploy a redundant Group-Member? For Active-Standby scenario, will it interrupt the tunnel the moment it will switch-over?

Appreciate if you could clarify these issues.

TIA.

4 REPLIES
New Member

Re: GET VPN clarification

I think you mean Key server as authentication server. Ya, it is possble for make the device at HQ to be used for user authentication purpose.

New Member

Re: GET VPN clarification

Hi,

Does anyone here in the forum who can guide me the basic configuration based on the enterprise network not within an isp (example given here was based on bgp). I started my practice lab w/3 routers and L3 switch.

Assuming I don't have the PKI and AAA servers, will it be sufficient enough?

Any info is highly appreciated. TIA.

New Member

Re: GET VPN clarification

Anyone from Cisco? Please advise.

Thanks.

New Member

Re: GET VPN clarification

Thanks for your reply. What about the PKI server is it really a must to include in the get vpn deployment? or this is only for RA (Registration Authority) purpose? If it is, can we enable PKI server on the same Key Server?

What abt the Management GW, can I include this task in the Group Member of the hub network? or it's also required to have a separate router to form the management tunnel?

Hope someone from this forum could help me to clarify these issues.

TIA.

111
Views
0
Helpful
4
Replies
CreatePlease login to create content