Need clarification on the TEK and KEK in GETVPN

pradeepkumar83
Level 1

Hi,

Can anyone please tell me about the TEK and KEK in GETVPN?

I know that the TEK is the IPsec policies that are used to protect the traffic between the GMs.

Is the KEK generated by the KS, or do we need to configure any specific config on the KS? And how can we see the KEK policies used on the KS?

Thanks,

Pradeep

1 Reply

Marcin Latosiewicz
Cisco Employee

Pradeep,

You're right on the money with TEK.

KEK is a way to secure rekeys sent from KS.

To some extent you can change what rekey parameters you accept by doing this on GM:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1234692

But the majority is set with "rekey" statements under "server local" in the GDOI group config on the KS.

HTH,

Marcin
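
The following is an added example, not part of the reply above and not taken from Cisco's documentation: a key-server GDOI group showing where the KEK (rekey) parameters sit under "server local", next to the TEK policy, and the command that displays them. The group name, identity number, key label, profile and ACL names, and the address are constructed placeholders; the IPsec profile and ACL are assumed to be defined elsewhere.

```cisco
! Constructed example for a GETVPN key server (KS). All names, numbers
! and addresses are placeholders, not values from this thread.

! Global config: RSA key pair the KS uses to sign its rekey messages
crypto key generate rsa general-keys label GETVPN-REKEY-RSA modulus 2048 exportable

crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  ! --- KEK policy: protects the rekey messages sent by the KS ---
  rekey algorithm aes 256
  rekey lifetime seconds 86400
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa GETVPN-REKEY-RSA
  rekey transport unicast
  ! --- TEK policy: IPsec SA used for traffic between the GMs ---
  ! (GETVPN-PROFILE and GETVPN-ACL are assumed to exist already)
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-ACL
  address ipv4 192.0.2.1

! Exec mode: display the KEK and TEK policy configured on the KS
show crypto gdoi ks policy
```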