Cisco Support Community
New Member

Show crypto gdoi ks policy shows two TEK policy

The "show crypto gdoi ks policy" command shows one KEK and two TEK policies. The TEK policies have different SPI numbers with the same policy details.

Can anyone explain how this works?

2 REPLIES
New Member


Hi Partheep,

The KEK is the key encryption key, which encrypts the control plane traffic, while the TEK is the traffic encryption key, which encrypts the actual data plane traffic.

TEK policies are what you defined in the ACL (the traffic you want to encrypt), so it depends on the entries of the ACL.

The Cisco doc explains this:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf

HTH,

Vikram

New Member


Hi Vikram,

Thanks for the reply.
