06-10-2011 04:45 AM - edited 02-21-2020 05:23 PM
hi,
please, i got some issues understanding why and where we should apply the crypto map in a getvpn topology, where the GM has multiple interfaces that connect either to a KS or other GM's ie
(a) GM (b) GM (c) GM
/ / /
GM------KS GM----GM GM-----KS
\
GM
secondly is it possible to configure GETvpn on a VTI???
06-13-2011 06:44 PM
Hi,
With GETVPN, you want to apply the gdoi crypto map on all the WAN interfaces towards the core facing the other GM's. So in your example, for (a), it's the interface towards the other GM, for (b) and (c), you'd need to apply it on both interfaces facing the other two GM's. Also, with (b) and (c), it's recommended to use a single local-address as the registration interface so that the KS doesn't see them as 2 separate GM's.
Hope this helps.
Thanks,
Wen
07-06-2011 10:34 PM
thanx wzhang, really appreciate the explanation just need a little clearification regarding the use of a single local address for the registration interface. thanx a lot
07-07-2011 02:54 PM
Hi,
You can find a detailed explanation in the GETVPN design and implementation guide here:
See section 4.2.1.2.3.
Hope this helps.
Thanks,
Wen
07-12-2011 12:50 AM
thanks... really helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide