Faizan,
Technically speaking yes - you have to configure them to be COOP for each
other. But in general KS is separate from GMs and does not participate in
protecting the data plane.
Regards,
-- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com On Thu, Feb 4, 2010 at 11:36 AM, faizan khurshid < faizankhurshid921_at_hotmail.com> wrote: > hello Expert > i need to ask you regarding GET vpn desgin .i know there is a KS server > which > used to encryption policies, such as interesting traffic, encryption > protocols, security association, rekey timers, and so on, are centrally > defined on the KS and are pushed down to all GMs at registration time. > and GM is an IOS router responsible for actual encryption and decryption > i.e. a device responsible to handle GET VPN data plane. > i want clearification can one router become GM and KS server both > simultaneously . > > > Thanks in advance > > > _________________________________________________________________ > Hotmail: Trusted email with powerful SPAM protection. > https://signup.live.com/signup.aspx?id=60969 > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Thu Feb 04 2010 - 12:04:19 ART
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART