I have been reading up on this new IOS feature and was curious if anyone has an opinion on this subject. Information is scarce, no doubt due to it being a new method. However, it may be exactly what we are looking for given our infrastructure and I would like to know if it works as advertised. Thanks...
In extending GDOI by encrypting and authenticating both multicast and unicast traffic, the Group Encrypted Transport provides benefits to a variety of applications:
Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic
Enables high-scale network meshes and eliminates complex peer-to-peer key management with group encryption keys
For MPLS networks, maintains the network intelligence such as full-mesh connectivity, natural routing path, and QoS
Grants easy membership control with a centralized key server
Helps ensure low latency and jitter by enabling full-time, direct communications between sites, without requiring transport through a central hub
Reduces traffic loads on customer premises equipment (CPE) and provider-edge encryption devices by using the core network for replication of multicast traffic, avoiding packet replication at each individual peer site
We're currently rolling out a new global MPLS network and were going to use DMVPN for added security but scalability is a worry. GET VPNs look ideal for our requirement also but the biggest showstopper for us is that it needs 12.4(11)T IOS. Key server placement also looks critical and Cisco strongly recommend VPN acceleration hardware.
Anyway - we'll probably pilot it sometime over the next 3-6 months so post again later and I'll let you know how we got on.