Our organization has 200 branches countrywide. Recently a Cisco vendor advised us to move to GET VPN. We are currently using DMVPN.
Let me simplify our scenario. Let's say I have a hub-and-spoke topology. All the branches are given a separate /30 subnet that is routed to our main aggregation subnet /30. We then configure a DMVPN tunnel and run OSPF to provide LAN-to-LAN connectivity. So far the scenario is simple. Now the consultant told us that we won't be requiring any tunnels, since GET VPN supports multicast and is able to form OSPF adjacencies.
My point is, how can an OSPF adjacency be made if I have different subnets between the hub and the branches?
One of the main attributes of the Group Encrypted Transport VPN (GET VPN) solution is that it offers IP header preservation while using IPsec tunnel mode. Thus, packets protected by IPsec in a GET VPN setup retain the original source and destination addresses in the "outer" IP header rather than replacing them with tunnel endpoint addresses. GET VPN is not Hub to Spoke; think of it more like a solution where one is providing any-to-any encryption within a group of trusted sites.
Given the above, if you have basic L3 connectivity between your sites, GET VPN will work on top of that transparently; you will not need an overlay IP network like with DMVPN tunnels.
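The header preservation described in the answer above, as an added example that is not part of the original thread: it frames the same inner packet with tunnel-endpoint addresses and with the inner addresses copied to the outer header, then checks which routes the transport network needs in each case. All addresses and prefixes are constructed, and the ESP body is an unencrypted stand-in.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def outer_addresses(packet):
    """(src, dst, protocol) of the outermost header: all the WAN sees."""
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return str(src), str(dst), packet[9]

def esp_tunnel(inner, local_wan, peer_wan, preserve_header):
    """Tunnel-mode ESP framing. The body is an unencrypted stand-in
    (SPI + sequence number + inner packet); only the outer header matters."""
    body = struct.pack("!II", 0x1000, 1) + inner
    if preserve_header:            # GET VPN: outer header copies the inner one
        src, dst, _ = outer_addresses(inner)
    else:                          # classic tunnel: outer header = endpoints
        src, dst = local_wan, peer_wan
    return ipv4_header(src, dst, ESP, len(body)) + body

def underlay_can_route(packet, routes):
    """True if the transport network has a route to the outer destination."""
    dst = ipaddress.ip_address(outer_addresses(packet)[1])
    return any(dst in ipaddress.ip_network(r) for r in routes)

# Constructed addressing: branch host -> hub host, /30 WAN links.
INNER = ipv4_header("10.1.1.10", "10.0.0.20", 6, 0)
BRANCH_WAN, HUB_WAN = "192.0.2.6", "192.0.2.2"
WAN_ONLY = ["192.0.2.0/30", "192.0.2.4/30"]
WAN_AND_LAN = WAN_ONLY + ["10.0.0.0/24", "10.1.1.0/24"]

if __name__ == "__main__":
    for name, keep in (("endpoint addresses", False), ("header preserved", True)):
        pkt = esp_tunnel(INNER, BRANCH_WAN, HUB_WAN, keep)
        print(name, outer_addresses(pkt),
              "WAN-only:", underlay_can_route(pkt, WAN_ONLY),
              "WAN+LAN:", underlay_can_route(pkt, WAN_AND_LAN))
```

With the header preserved, the transport network forwards on the sites' own LAN addresses, so those prefixes must already be routable between sites before encryption is layered on top.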
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: