08-15-2010 01:09 AM
Hi All,
I am wishing to deploy GET VPN to some segments of our private WAN (provider based MPLS).
At the moment it would initially be deployed to four routers than expanding from there.
The KS router which is hosted in our data center would be the keyserver however also I wish this to be a group member for traffic to pass through on one of the routers interfaces to a secured subnet.
Unfortunately due to the current design I only have 4 routers to work with and all 4 need to participate in GET VPN.
I have been able to setup and initate crypto sessions between the KS and GM (1) however when traffic is passed from GM (1) to the protected subnet hanging off KS I see the following in the GM (1) logs;
%CRYPTO-4-RECVD_PKT_NOT_IPSEC etc etc
The first point would be though can a KS also be a GM ? so that all 4 routers can exchange secured traffic.
Thanks in advanced.
Luke
08-15-2010 11:54 AM
According to cisco, the KS can't be a GM as well.
jan
08-15-2010 03:53 PM
Thought that would be the case.
What other alternatives would you recommend to encrypt the traffic from each router allowing any-any communication.
Luke
08-16-2010 09:49 AM
Depends, if you need something easy for 4 sites do regular GRE/IPSEC, you will be doing more config, but it works for smaller environments, if you wanna go a little more advanced go with DMVPN, this will also be dynamic, so you don't need to build static any-any tunnels
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide