GETVPN - Viptella Overlay

Adam Hinchliff · ‎10-20-2020

Hi Team,

We are implementing Cisco SDWAN (Viptella) with the underlay/overlay network.

Questions: Can the brains trust see any issue with utilizing GETVPN over the Overlay. Keeping in mind the Overlay is secure a secure tunnel.

Thanks!

Mohammed al Baqari · ‎10-20-2020

Top of my head, you are reducing performance by adding another IPSec header
to packets. SDWAN overlay is already encrypted as you already mentioned.
Also, are you going to include the traffic to vEdge and vManage in the
GETVPN cloud.? Otherwise, you might lose the ability to select the best
path.

I believe this might be an overkill and don't see real value of encrypting
the encrypted.

***** please remember to rate useful posts

balaji.bandi · ‎10-21-2020

Personally, I will not do that. what is the use case for GETVPN, when SD-WAN able to provide the same secure connection?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Adam Hinchliff · ‎10-21-2020

It is only interim (2months) until we have a second overlay network configured.

Currently, our process control network utilizes GETVPN to ensure secure connectivity over the IT Network.

SDWAN is coming online with the second (PCD) overlay coming not long after. We are just in the unfortunate cross over phase.