This document will guide you through setting up GET VPN using the multicast mechanism over your network. It will come in handy for all CCIE Security aspirants.
2. Introduction
In this session we will review the following points:
• Building blocks in setting up GETVPN for Multicast
• Review the implementation steps on KS and Group members
• Lab fun
6/30/2021
4. Introduction
• In IPsec VPN tunnel mode, a new IP address is added along with the outer header, as shown below.
• GET VPN ensures the private address is preserved, which makes GET VPN usable only on the private LAN. We cannot use transport mode, as it might cause fragmentation errors.
5. Introduction
• Two types of keys:
• KEK (Key Encryption Key)
• TEK (Traffic Encryption Key)
• When the lifetime expires, we can configure our VPN to send rekey messages in either unicast (with acknowledgement) or multicast mode (no acknowledgement).
11. ISP Configuration
• ISP Configuration
ip multicast-routing distributed
!
interface GigabitEthernet1
 ip address 11.11.11.100 255.0.0.0
 ip pim dense-mode
 negotiation auto
!
interface GigabitEthernet2
 ip address 12.12.12.100 255.0.0.0
 ip pim dense-mode
 negotiation auto
!
interface GigabitEthernet3
 ip address 13.13.13.100 255.0.0.0
 ip pim dense-mode
 negotiation auto
!
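Multicast rekeys are sent without acknowledgement, so a transit interface that lacks PIM leaves a gap in the rekey path that the key server never hears about. The following Python check is an added example, not part of the original slides: it parses an IOS-style config and reports any addressed interface with no PIM mode. The function name `audit_multicast_path` and the sample config (the ISP config with PIM removed from GigabitEthernet3) are constructed for illustration.

```python
import re

# Constructed sample: the ISP config above with "ip pim dense-mode"
# deliberately removed from GigabitEthernet3 to show a finding.
SAMPLE_CONFIG = """\
ip multicast-routing distributed
!
interface GigabitEthernet1
 ip address 11.11.11.100 255.0.0.0
 ip pim dense-mode
!
interface GigabitEthernet2
 ip address 12.12.12.100 255.0.0.0
 ip pim dense-mode
!
interface GigabitEthernet3
 ip address 13.13.13.100 255.0.0.0
 negotiation auto
!
"""

PIM_RE = re.compile(r"^ip pim (dense-mode|sparse-mode|sparse-dense-mode)\b")

def audit_multicast_path(config: str) -> list[str]:
    """Return findings that would stop multicast rekeys crossing this router."""
    findings, global_mcast = [], False
    interfaces, current = {}, None   # interface name -> its sub-commands
    for raw in config.splitlines():
        line = raw.strip()           # tolerate configs that lost indentation
        if line.startswith("ip multicast-routing"):
            global_mcast, current = True, None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif not line or line == "!":
            current = None           # "!" closes the interface block
        elif current is not None:
            interfaces[current].append(line)
    if not global_mcast:
        findings.append("global: ip multicast-routing is not enabled")
    for name, cmds in interfaces.items():
        routed = any(c.startswith("ip address ") for c in cmds)
        has_pim = any(PIM_RE.match(c) for c in cmds)
        if routed and "shutdown" not in cmds and not has_pim:
            findings.append(f"{name}: has an IP address but no 'ip pim' mode")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_multicast_path(SAMPLE_CONFIG)))
```

Running it against a saved running-config before a lab or change window shows whether every hop between the key server and the group members can forward the multicast rekey.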