From my understanding, if we use the Internet as a transport for GETVPN:

- The GM will get a GDOI_REKEY/GDOI_IDLE and will be able to download the ACL from the KS, right?
- But there will be no traffic encryption from GM to other GMs (private IP used)
- Traffic encryption from GM to other GMs if public IP is used

I might be wrong or may be lacking something. Please post any additional information.

Thanks

On Fri, Sep 4, 2009 at 4:23 AM, Tyson Scott <[email protected]> wrote:

>> It was designed for internal encryption, i.e. between branches of financial institutions, government entities, etc., or other hypersensitive information companies. It is very well designed for this purpose.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>> Technical Instructor - IPexpert, Inc.
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kingsley Charles
>> *Sent:* Thursday, September 03, 2009 6:09 AM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] GETVPN in internet
>>
>> Hi all
>>
>> GETVPN is an IPSec feature which adds the IP source/destination address from the payload which was encrypted. It is equivalent to IPSec transport mode. Due to this feature, GETVPN can't be used on private networks like MPLS but not on Internet.
>>
>> Does anyone know why GETVPN was implemented this way, where it uses the original IP source/destination address and thereby can't be used on Internet?
>>
>> With regards
>>
>> Kings
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
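The addressing question raised in this thread can be modelled in a few lines. This is an added example, not part of any poster's message: it assumes GETVPN's header preservation (the outer IP header copies the inner source/destination) and that Internet transit does not route RFC 1918 addresses. All addresses are constructed, with documentation ranges standing in for public IPs.

```python
import ipaddress

# RFC 1918 private ranges: not routable across the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def outer_header(inner_src, inner_dst, mode, peers=None):
    """Return the (src, dst) placed on the ESP packet's outer IP header."""
    if mode == "getvpn":
        # Header preservation: outer addresses are copied from the inner packet.
        return inner_src, inner_dst
    if mode == "tunnel":
        # Classic point-to-point tunnel mode: outer addresses are the crypto peers.
        if peers is None:
            raise ValueError("tunnel mode needs (local_peer, remote_peer)")
        return peers
    raise ValueError(f"unknown mode: {mode}")

def crosses_internet(outer):
    """A packet survives Internet transit only if neither outer address is private."""
    return not any(is_rfc1918(a) for a in outer)

# Constructed sample topology (documentation ranges used as stand-in public IPs).
GM1_WAN, GM2_WAN, KS = "198.51.100.10", "203.0.113.20", "203.0.113.1"
GM1_HOST, GM2_HOST = "10.1.1.5", "10.2.2.7"               # private LAN hosts
PUB_HOST1, PUB_HOST2 = "198.51.100.50", "203.0.113.60"    # publicly addressed hosts

def scenario():
    return {
        # GDOI registration/rekey runs between the GM and KS addresses themselves.
        "registration": crosses_internet((GM1_WAN, KS)),
        # GM-to-GM data with private LAN addresses: outer header stays private.
        "getvpn_private": crosses_internet(
            outer_header(GM1_HOST, GM2_HOST, "getvpn")),
        # GM-to-GM data between publicly addressed hosts.
        "getvpn_public": crosses_internet(
            outer_header(PUB_HOST1, PUB_HOST2, "getvpn")),
        # Same private flow under classic tunnel mode, for contrast.
        "tunnel_private": crosses_internet(
            outer_header(GM1_HOST, GM2_HOST, "tunnel", (GM1_WAN, GM2_WAN))),
    }

if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:15s} {'routable' if ok else 'dropped in transit'}")
```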
