Hi Sadiq,

Thanks for sharing the info. Let me just try to understand what Tyson has said, which seems interesting to me.

I have 4 routers: R1 & R2 are KS1 and KS2, and R3/R4 are GMs of KS1 (R1). R1 is KS1, R2 is KS2, and R3 & R4 are GMs of KS1, for instance. I also need to utilize R1 as a GM, thus I can only subscribe it to KS2, & on R2 I will only subscribe it to KS1 (R1).

What happens if R1 needs to talk to R4? Recall that R1 is registered to KS2 & R4 is registered to KS1 (R1). As per my understanding, a policy will be downloaded from the KS (which contains the ACL encrypted traffic, the transform-set, etc.); there are also the KEK/TEK, which will be sent by the KS to the GM. Will it not create any kind of conflict problem having the policies/keys received from 2 KSs, assuming that the policies definitely have to match? Will this in any way affect the COOP (Active/Standby) operation of the KS?

Thanks a lot for your help/feedback.

Best Regards,

On Mon, Nov 22, 2010 at 8:40 PM, Sadiq Yakasai <[email protected]> wrote:

> Hi Karim,
>
> That's correct. I believe if it's a KS (KS1), then a router can only be a GM
> if it subscribes to another KS (KS2). KS1 and KS2 can be running coop if you
> want to.
>
> Someone correct me if I'm off target please.
>
> Sadiq
>
> On Mon, Nov 22, 2010 at 5:24 PM, karim jamali <[email protected]> wrote:
>
>> Dear Gents,
>>
>> I have a real world implementation regarding GET VPN & I would need some
>> expertise help to confirm what I believe I understood. In a GET VPN
>> scenario, the KS only provides KS functionality, i.e. the KS itself cannot
>> be a GM subscribed to the KS, and thus we have to dedicate one router, or
>> maybe two for redundancy, for KS functionality apart from all the other
>> routers as GMs. Is this correct? Please, if it is not, I would appreciate
>> if you will correct me.
>>
>> Thanks
>>
>> Regards,
>> --
>> KJ
>
> --
> CCIEx2 (R&S|Sec) #19963

--
KJ
