11-15-2011 08:39 PM
The "show crypto gdoi ks policy" command shows one KEK and two TEK policies. The TEK policies have different SPI numbers with the same policy details.
Can anyone explain how this works?
11-15-2011 09:13 PM
Hi Partheep,
The KEK is the key encryption key, which encrypts the control plane traffic, while the TEK is the traffic encryption key, which encrypts the actual data plane traffic.
TEK policies are what you defined in the ACL (the traffic you want to encrypt), so it depends on the entry of the ACL.
The Cisco doc explains this:
HTH,
Vikram
11-15-2011 10:32 PM
Hi Vikram,
Thanks for the reply.