Comments on: Minimalistic GET VPN Example http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/ Helping you become a Cisco Certified Internetwork Expert Tue, 07 Feb 2012 02:21:38 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Blog Post Catalogue | CCIE Blog http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-139575 Blog Post Catalogue | CCIE Blog Tue, 21 Sep 2010 12:56:22 +0000 http://blog.ine.com/?p=2832#comment-139575 [...] A Minimalist GET VPN Example [...] [...] A Minimalist GET VPN Example [...]

]]> By: peter http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-108528 peter Tue, 04 May 2010 15:27:41 +0000 http://blog.ine.com/?p=2832#comment-108528 Good stuff ! Good stuff !

]]> By: Adrian http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-96372 Adrian Fri, 26 Feb 2010 06:36:34 +0000 http://blog.ine.com/?p=2832#comment-96372 Hi, quick question: So if I use just one Member Server there is NO way, the KEY server is able to encrypt/decrypt user traffic ? They just provide ipsec policies? Thanks. Hi, quick question:

So if I use just one Member Server there is NO way, the KEY server is able to encrypt/decrypt user traffic ? They just provide ipsec policies? Thanks.

]]> By: Anon http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-88296 Anon Fri, 08 Jan 2010 03:01:46 +0000 http://blog.ine.com/?p=2832#comment-88296 Just looking at this, if either site fails you will lose connectivity to the other as well? i.e. In a small business environment where potentially only 3-10 locations backing onto a private WAN/MPLS cloud. In smaller environments you wouldn't have the extra routers to act as a dedicated KS so they will double as GM in this sort of setup. Given that for RtrA to be a GM, it needs to register to RtrB and vice versa it seems GetVPN is actually reducing redundancy in that scenario. Only way around it I can think would be to have at least 3 KS operational so a single site failure does not bring down two sites. Just looking at this, if either site fails you will lose connectivity to the other as well?

i.e. In a small business environment where potentially only 3-10 locations backing onto a private WAN/MPLS cloud.

In smaller environments you wouldn’t have the extra routers to act as a dedicated KS so they will double as GM in this sort of setup.

Given that for RtrA to be a GM, it needs to register to RtrB and vice versa it seems GetVPN is actually reducing redundancy in that scenario.

Only way around it I can think would be to have at least 3 KS operational so a single site failure does not bring down two sites.

]]> By: Anantha Subramanian Natarajan http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-80989 Anantha Subramanian Natarajan Tue, 24 Nov 2009 19:20:23 +0000 http://blog.ine.com/?p=2832#comment-80989 Thank you petr for the article ..... Regards Anantha Subramanian Natarajan Thank you petr for the article …..

Regards
Anantha Subramanian Natarajan

]]> By: SecLearner http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-80776 SecLearner Mon, 23 Nov 2009 23:34:53 +0000 http://blog.ine.com/?p=2832#comment-80776 Would have preferred a small topology diagram. Are R4 and R5 connected using 173.1.45.x? I used the topology that came with the VOD and I think I put the GETVPN_MAP in the wrong interface. I could not see the traffic go through the VPN and saw ping timeouts. Otherwise, please keep them coming. I love it. SecLearner. Would have preferred a small topology diagram. Are R4 and R5 connected using 173.1.45.x? I used the topology that came with the VOD and I think I put the GETVPN_MAP in the wrong interface. I could not see the traffic go through the VPN and saw ping timeouts.

Otherwise, please keep them coming. I love it.

SecLearner.

]]> By: Tacack http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-80645 Tacack Mon, 23 Nov 2009 06:13:55 +0000 http://blog.ine.com/?p=2832#comment-80645 Great article Petr. Always a fan! :) Great article Petr. Always a fan! :)

]]> By: fonesurj http://blog.ine.com/2009/11/21/minimalistic-get-vpn-example/#comment-80569 fonesurj Mon, 23 Nov 2009 00:36:51 +0000 http://blog.ine.com/?p=2832#comment-80569 We have deployed close to 1000 sites on GET. It is really important you follow the GET deployment guide. We have run into a number of scenarios that cause get to fail. The deployment guide compensates for most of these. Also, if you are using anything before 12.4(15)T9, then you MUST have the GMs use the local loopback as their peer point, or GET will not recover after a circuit bounce. We have deployed close to 1000 sites on GET. It is really important you follow the GET deployment guide. We have run into a number of scenarios that cause get to fail. The deployment guide compensates for most of these.

Also, if you are using anything before 12.4(15)T9, then you MUST have the GMs use the local loopback as their peer point, or GET will not recover after a circuit bounce.

]]>