GETVPN (GM) multiple Interfaces

adepojutayo · ‎06-10-2011

hi,

please, i got some issues understanding why and where we should apply the crypto map in a getvpn topology, where the GM has multiple interfaces that connect either to a KS or other GM's ie

(a) GM (b) GM (c) GM

/ / /

GM------KS GM----GM GM-----KS

\

GM

secondly is it possible to configure GETvpn on a VTI???

wzhang · ‎06-13-2011

Hi,

With GETVPN, you want to apply the gdoi crypto map on all the WAN interfaces towards the core facing the other GM's. So in your example, for (a), it's the interface towards the other GM, for (b) and (c), you'd need to apply it on both interfaces facing the other two GM's. Also, with (b) and (c), it's recommended to use a single local-address as the registration interface so that the KS doesn't see them as 2 separate GM's.

Hope this helps.

Thanks,

Wen

adepojutayo · ‎07-06-2011

thanx wzhang, really appreciate the explanation just need a little clearification regarding the use of a single local address for the registration interface. thanx a lot

wzhang · ‎07-07-2011

Hi,

You can find a detailed explanation in the GETVPN design and implementation guide here:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf

See section 4.2.1.2.3.

Hope this helps.

Thanks,

Wen

adepojutayo · ‎07-12-2011

thanks... really helpful.