Hi all, can anyone provide some feedback on the following points? It would be greatly appreciated, thanks.
Is GET VPN a better choice than DMVPN in order to support VoIP, Video over IP, Advanced QoS and Multicast? I think it should be the better choice based on what is described as the benefits and how it works, but I just want an expert opinion.
Can separate groups be created using the same key servers? I need to protect two functionally separate WAN segments that terminate on the same DC core routers. However, I want the separate WAN segments to have different encryption policies. Is this possible?
It is stated in the deployment guide for GET VPN that "Network Address Translation (NAT) is not supported by GETVPN. NAT must be performed before encryption or after decryption when GET is used." However the NAT capability is required on all the routers. Can anyone offer any real world advice on this and why it will not work?
The 2900 series routers have embedded hardware encryption, but according to the router performance guide, with a mix of traffic such as NAT, QoS and IPSec VPN they are unable to provide 100 mbps of throughput. Does anyone know if the new ISM VPN modules would allow the routers to achieve 100 mbps of throughput with the services mentioned above?
I know it's a lot to ask but it would be really appreciated, thanks.
In the design guide for DMVPN, spoke to spoke has limited QoS and seems to only support RIPv2 and EIGRP; however, I am currently running OSPF, so it seems GET VPN will be a better fit.
Can you share the source? I'm not sure I get all the implications :-)
In all our crypto implementations NAT is done before encryption and after decryption; I'm not aware of GDOI being any different. Please take care that GDOI talks with non-NATed IPs.
Edit: Just to add to QoS for DMVPN: since we have one multipoint interface, we cannot differentiate different spokes easily (unless we use NHRP - in case of per-tunnel QoS). Upcoming implementations will allow a lot more flexibility in this regard; for more news, wait till Cisco Live :-)