Greetings everyone!
I'm trying to simulate an environment where I have DC and DR locations, and remote sites have to access DC/DR services.
For security, GETVPN is used. Initially I tried using only one KS group (with R1, R2 and R12 in COOP), but apparently the GM cannot communicate with the KS over IPsec because a KS cannot be a GM to itself.
So I tried with two groups, wherein R1 and R2 form Group-1 (G1) and R12 and R2 form Group-2 (G2), and each KS group is a GM of the other group, i.e. R1 acts as KS for G1 and GM for G2; similarly, R12 is KS for G2 and GM for G1. To ensure redundancy, R2 acts as COOP for both G1 and G2.
Now, the issue is that if Group-1 is given priority in GM-1 (in the crypto map), then GM-1 can access G2 member R12 but not R1, and if Group-2 is given priority (in the crypto map) in GM-2, then it can access R1 but not R12.
Is there any way to use crypto map gdoi based on the remote?
The ultimate aim is to decrypt the traffic at the ingress routers. What should I do? Please guide.
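As an added illustration of the two-group layout the post describes (this is not configuration from the original poster or from any vendor document), below is a Cisco IOS sketch of R1 acting as KS for G1 (with R2 as COOP) and as GM of G2, followed by the crypto map on a remote-site GM that belongs to both groups. All hostnames, addresses, the RSA key label, the pre-shared key and the ACL ranges are assumptions chosen for the example.

```cisco
! ===== R1: key server for G1, group member of G2 =====
! Added example; addresses, names and ACLs are assumed, not from the post.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! IKEv1 protects GM registration and the COOP KS exchange (assumed PSK).
crypto isakmp key GETVPN-PSK address 0.0.0.0
!
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile G1-PROFILE
 set transform-set GETVPN-TS
!
! Encryption policy pushed to every G1 member (assumed DC/DR range).
! Keep it disjoint from the G2 policy: a GM applies crypto map entries
! in sequence order, so a flow matched by both groups' downloaded ACLs
! is always encrypted under whichever group has the lower sequence number.
ip access-list extended G1-ENCRYPT
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
crypto gdoi group G1
 identity number 1
 server local
  ! RSA key generated on R1 and imported on R2 so both KSs sign rekeys.
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey transport unicast
  sa ipsec 1
   profile G1-PROFILE
   match address ipv4 G1-ENCRYPT
   replay counter window-size 64
  address ipv4 10.0.0.1
  redundancy
   local priority 100
   peer address ipv4 10.0.0.2
!
! The same router registers as a GM of G2: KS R12 primary, R2 as COOP.
crypto gdoi group G2
 identity number 2
 server address ipv4 10.0.0.12
 server address ipv4 10.0.0.2
!
crypto map GETVPN-MAP 10 gdoi
 set group G2
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 crypto map GETVPN-MAP
!
! ===== Remote-site GM that belongs to both G1 and G2 =====
crypto gdoi group G1
 identity number 1
 server address ipv4 10.0.0.1
 server address ipv4 10.0.0.2
crypto gdoi group G2
 identity number 2
 server address ipv4 10.0.0.12
 server address ipv4 10.0.0.2
! Sequence 10 is evaluated before 20; overlapping KS policies make this
! ordering, not the destination, decide which group's SA is used.
crypto map GETVPN-MAP 10 gdoi
 set group G1
crypto map GETVPN-MAP 20 gdoi
 set group G2
!
interface GigabitEthernet0/0
 crypto map GETVPN-MAP
```

After both registrations succeed, `show crypto gdoi gm acl` on the remote GM lists the ACLs downloaded from each KS; comparing the two is the quickest way to see whether a given destination prefix is claimed by both groups, which is the situation the sequence-order comment above refers to.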
