Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1318
Views
0
Helpful
2
Replies

Show crypto gdoi ks policy shows two TEK policy

pradeepkumar83
Level 1
Level 1

‎11-15-2011 08:39 PM

The "show crypto gdoi ks policy" command shows one KEK and two TEK policy. The TEK policies have different SPI number with same policy details.

can any one explain how this works.

Labels:
0 Helpful
2 Replies 2

vikz230884
Level 1
Level 1

‎11-15-2011 09:13 PM

Hi Partheep,

The KEK is key encryption key which encrypt the control plane traffic, while TEK is traffic encryption key, which encrypt the actual data plane traffic.

TEK policies is what you defined in the ACL (the traffic you want to encrypt), so it depends on the entry of the ACL.

cisco doc explain this:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf

HTH,

Vikram

0 Helpful

pradeepkumar83
Level 1
Level 1
In response to vikz230884

‎11-15-2011 10:32 PM

Hi Vikram,

Thanks for the reply.

0 Helpful
Customers Also Viewed These Support Documents