
KEK and TEK keys in GET VPN?

kamlesh yadav
Level 1

Dear All,

I am a newbie to GET VPN technology. Just wanted to know how the KEK and TEK keys are generated on the key server and how they are distributed to the GMs.

Also, how is a rekey generated if all the keys have been used?

1 Reply

olpeleri
Cisco Employee

KEK represents the encryption of the control plane [very similar to IKE phase I]. Usual lifetime: 1 day.

TEK represents the encryption of the data plane [aka IPsec phase II]. Usual lifetime: 1 or 2 h.

Rekey is always pushed by the key server.

For a complete understanding, you might have a look at

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf

Cheers,
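
Where the two lifetimes from the reply above are set on a key server, and how a group member points at that server, shown as an added Cisco IOS example that is not part of the original thread or taken from the linked guide. The group name, identity number, ACL, key label, transform set and the 192.0.2.1 address are placeholders assumed for illustration.

```cisco
! ---- Key server (KS) ----
! Assumes an RSA key pair labelled GETVPN-REKEY-KEY already exists on the KS;
! it signs the rekey messages so group members can verify they came from the KS.

! Traffic that the downloaded policy tells group members to encrypt (placeholder ranges)
ip access-list extended GETVPN-ACL
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha-hmac
!
! TEK (data plane): lifetime of the IPsec SA handed to every group member
crypto ipsec profile GETVPN-PROFILE
 set security-association lifetime seconds 7200
 set transform-set GETVPN-TS
!
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  ! KEK (control plane): protects the rekey messages, 86400 s = 1 day
  rekey lifetime seconds 86400
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa GETVPN-REKEY-KEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-ACL
   replay time window-size 5
  address ipv4 192.0.2.1
!
! ---- Group member (GM) ----
! The GM registers with the KS and downloads the policy and keys;
! later rekeys are pushed to it by the KS.
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 192.0.2.1
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GROUP
```

On the key server, `show crypto gdoi ks rekey` and `show crypto gdoi ks members` show the rekey state and the registered group members; on a group member, `show crypto gdoi` shows the downloaded KEK and TEK with their remaining lifetimes.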