In GETVPN, the original IP Header is preserved and a copy of the original IP Header is placed in front of the ESP. If you look through the below URL, "Figure 2" compares the encrypted packet in IPSEC and Group Encrypted Transport. In traditional IPSEC, there is a new IP header that is typically, the VPN Servers outside IP Address which is valid routable IP's on the internet. In GET, since the encrypted packets contains a copy of the original IP Header, most of the time the packets are private and not routable on the internet.
GET technology suits MPLS VPN Environment, because your networks are put into a VRF and switched across the Service Provided Network.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...