
GETVPN Questions

pj_machado
Level 1

Hello to the community!

 

I know that the best design for a GETVPN architecture is with at least two KS, but due to a specific problem here at work, I will set up an infrastructure with only 1 KS.

 

The question is: when the KS is unavailable and GMs are unable to re-key, do the GMs just stop encrypting traffic, that is, the network continues to function without encryption capabilities, or do the GMs stop sending all the traffic, so that the whole network goes down?


Thank you in advance

Paulo Machado


balaji.bandi
Hall of Fame

KS and GM are very key components in GETVPN - if this is a large network, it is suggested to always have dual for resilience purposes.

 

Good explanation here for each role:

 

https://lostintransit.se/2016/02/12/ccde-introduction-to-get-vpn-and-get-vpn-design-considerations/

 

Here is a troubleshooting guide to help you:

 

https://www.cisco.com/c/en/us/support/docs/security/group-encrypted-transport-vpn/118125-technote-getvpn-00.html

BB

***** Rate All Helpful Responses *****
