in
IEOC CCIE Forums

IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
All Tags » GETVPN (RSS)

Browse Forum Posts by Tags

Showing related tags and posts for the CCIE Security Technical forum. See all tags in the site
  • GETVPN with certificates

    Hi. I have this topology: first KS: router 9 2nd KS: router 4 root CA: router 8 GMs: routers 1,2,3 I have configured R8 as root CA and created trustpoints on all of the other router and authenticate and enroll to that root CA; so I can see the relative certificates on the routers issued by R8. on R9...
    Posted to CCIE Security Technical (Forum) by timaz on 04-04-2016
  • Re: using PKI with GETVPN

    Hi Timaz, First of all, lets review the GETVPN keying process to get an understanding of why we need the keys. 1) GMs get Traffic encryption key (TEK) from the KS. 2) GMs get Key encryption key (KEK) from the KS. 3) GMs get Public key from the KS. TEK: Is used to encrypt data traffic between GETVPN GMs...
    Posted to CCIE Security Technical (Forum) by Seyi on 03-30-2016
  • using PKI with GETVPN

    Hi; I was reading GETVPN design and implement guide on Cisco website while noticed the writer has written that if we want to use certificates instead of the isakmp policy which is the very initial part of the configuration, we should generate an RSA key, e.g. KEY-1, but we should generate another RSA...
    Posted to CCIE Security Technical (Forum) by timaz on 03-30-2016
  • GETVPN and Interface ACL order of operations

    Hi, I was trying out GETVPN and I have a simple setup between 3 GETVPN routers. Since for GETVPN, reachability to remote subnets is required due to transport mode and lack of addition header, I thought that to protect the outer interface and ensure that all traffic is actually encrypted to apply an ACL...
    Posted to CCIE Security Technical (Forum) by Seyi on 03-29-2016
  • GET VPN over DMVPN

    Hi, I’m working now with GETVPN over DMVPN and I have some doubts about the lab in the WB. I expected the GETVPN encrypts traffic which is sent over Tunnel interface. The implementation presented in the WB is different and I’d like to ask you for your oppinion. The GET VPN ACL – traffic...
    Posted to CCIE Security Technical (Forum) by HubertW on 04-06-2014
  • GetVPN spokes IPsec come up but not spoke-Hub

    Hi, I'd like some help in identifying why this simple setup is not working. Simple Hub with 2 spokes (CS2 & CS3); Hub (CS1) is NTP and KEY server, each with one router behind for testing purposes. Below are the running configs and some show output. Bottom of the post shows the Hub does not have...
    Posted to CCIE Security Technical (Forum) by mgrann on 02-06-2014
  • Re: Unable to import rsa-key to COOP KS server

    I've found that this copy and paste just does not work well at all. You are probably better off just enabling a tftp server on the R1 and pulling it from there. I think it is crypto key export rsa NAME pem url flash and then crypto key import rsa TEST pem url tftp Of course in the real lab, its possible...
    Posted to CCIE Security Technical (Forum) by thatgeekinit on 04-04-2011
  • "crypto key import rsa" command to import keys

    Hello all, I'm having way too much trouble trying to import keys that I've exported from my GETVPN primary KS router into my GETVPN secondary KS router. I've done this before, about 6 weeks ago but cant remember how I got it to work. Here is what I'm doing On the Primary KS: crypto key...
    Posted to CCIE Security Technical (Forum) by wendal on 07-23-2010
Page 1 of 1 (8 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved