I am wishing to deploy GET VPN to some segments of our private WAN (provider based MPLS).
At the moment it would initially be deployed to four routers than expanding from there.
The KS router which is hosted in our data center would be the keyserver however also I wish this to be a group member for traffic to pass through on one of the routers interfaces to a secured subnet.
Unfortunately due to the current design I only have 4 routers to work with and all 4 need to participate in GET VPN.
I have been able to setup and initate crypto sessions between the KS and GM (1) however when traffic is passed from GM (1) to the protected subnet hanging off KS I see the following in the GM (1) logs;
%CRYPTO-4-RECVD_PKT_NOT_IPSEC etc etc
The first point would be though can a KS also be a GM ? so that all 4 routers can exchange secured traffic.
Depends, if you need something easy for 4 sites do regular GRE/IPSEC, you will be doing more config, but it works for smaller environments, if you wanna go a little more advanced go with DMVPN, this will also be dynamic, so you don't need to build static any-any tunnels
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :