Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GET VPN over DMVPN and Key Server as Hub

Hi,

I'm looking at deploying a GET VPN solution over DMVPN with a couple of Key Servers acting as hubs. Is this at all possible? To be both a key server and hub at the same time encrypting traffic from the hub (and what goes through it) to the Group Members...


I've got the basic config up and running using pre-shared keys for phase 1 negotiation and have SAs established, but I'm (of course) not able to ping the key servers tunnel interface from the group member (no phase 2 SA I guess).

Any input is greatly appreciated.

Thank you

/JZN

3 REPLIES

Re: GET VPN over DMVPN and Key Server as Hub

GETVPN was not designed to be run over the public internet, that is the role of DMVPN. Why do you want to run both?

New Member

Re: GET VPN over DMVPN and Key Server as Hub

I want to run GET VPN over DMVPN because of the following benefits:

* Pre-established tunnels (no packets lost in tunnel establishment)

* Periodic re-key equals enhanced security (in my opinon)


And the reason why I'm combining GET VPN with DMVPN is the obvious that GET VPN keeps the original header information. By the way Cisco encourages enterprises to use GET VPN over the Internet: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_qas0900aecd80582072.html

I'm sure there are losts of other reasons.

New Member

Re: GET VPN over DMVPN and Key Server as Hub

1203
Views
0
Helpful
3
Replies