08-24-2011 01:47 PM - edited 03-04-2019 01:23 PM
Hello,
I have a question about configuring two GETVPN groups in the same Group Member device.
Scenario: CE router running BGP connected to PE router on MPLS provider. CE router is running GETVPN on group 123. User asking to create a separate VPN environment to encrypt traffic originated from one /32 (loopback) interface on each CE router to a router in the Data Center running GETVPN on group 123.
Idea: I am thiking on creating a second group on each CE (GM) with number 345 using the same ISAKMP SA.
Questions:
Do I Need to change the IPSec Keys (KEK / TEK) for that?
Is it possible? Is there a document or configuration sample that I can use?
Thanks.
08-25-2011 06:47 AM
09-02-2011 08:45 AM
Hi Collin,
I do have that document but it is really missing information when it comes to multiple groups. I guess Cisco has to review that.
I was able to configure and test the multiple group. It works fine.
So I appreciate your help.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide