As per my understanding, GET VPN is just an overlay encryption. If we have point-to-multipoint connections from the ISP, we can directly run a routing protocol on the routers rather than making tunnels, but the ISP router will also have to start the same routing process number for things to work. The ISP can sniff packets, so we make GET VPN having key servers.
Now my point is that I have heard from several sources that letting the ISP know about your internal routes is not a good thing to do due to security reasons. Is that correct? If this is correct, then how do people around the globe work on technologies like GET VPN?
Regarding VPN, you need to understand what the solution is designed for.
It's not meant for the internet (DMVPN is the closest "equivalent").
A prime example, and a very common case, is to provide encryption in an L3 MPLS VPN scenario.
Chances are that you're already talking OSPF to your ISP, exchanging routes for other destinations (unless you're only provided a default route, which is also possible).
You have several locations connected to a cloud. The ISP will know parts of your addressing space to route the packets within the MPLS cloud.
GETVPN is there only to provide encryption for transit traffic; it's not meant to "hide" IP addresses because it could break routing. Then again, it's a simple mechanism: "If it matched policy, I will encrypt it"; routing/obfuscating is outside of the scope.
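
The "if it matches policy, encrypt it" behaviour described in the reply above, as an added illustration that is not part of the original thread or from either poster: a minimal IOS GETVPN key server policy and group member configuration. All names, addresses, the identity number and the key placeholder are assumptions.

```cisco
! Constructed example; all names, addresses and numbers are assumptions.
! --- Key server (KS): defines the group policy pushed to every member ---
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0
!
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha-hmac
crypto ipsec profile GETVPN-PROFILE
 set transform-set GETVPN-TS
!
! Policy ACL: deny = leave in clear, permit = encrypt.
! PE-CE OSPF and GDOI (UDP 848) stay in clear so routing and
! key distribution keep working; site-to-site traffic is encrypted.
ip access-list extended GETVPN-POLICY
 deny   ospf any any
 deny   udp any eq 848 any eq 848
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
! Requires an RSA key pair labelled GETVPN-REKEY generated beforehand.
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-POLICY
  address ipv4 192.0.2.1
!
! --- Group member (GM): the CE router at each site ---
! (same ISAKMP policy and key as above, so it can register with the KS)
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 192.0.2.1
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GROUP
!
interface GigabitEthernet0/0
 description Link to ISP PE
 crypto map GETVPN-MAP
```

GETVPN keeps the original IP header on encrypted packets, so the ISP still forwards on the site prefixes it learned through routing; only the payload matching the `permit` entry is protected.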