Been a long time since I've posted on here, but I'm new to GETVPN and have been asked to disable it fully without any downtime. It looks like all GMs have an open fail policy and no local ACLs.
What would you good people suggest as a good way to allow traffic to just pass over the MPLS as normal and not use the GETVPN?
Thanks in advance
Currently my options are:
1) Deny ip any any on the KS GDOI ACL (wait a week to see if there is any fallout, then safely remove the config on the GMs)
2) Remove all GM peer IP addresses on the KSs
3) On the GMs, remove the VPN map command from the interfaces, as you suggested.