RE: GEt vpn(design)

@Piotr ,@ Cristian.

Coop for each other mean primary key server and secondary key server and
then work GM as well

let say i have 3 Perimeter Router one become primary key server as well as
GM and others two will work as GM and
secondary key servers

Above statement is understanding of mine from your post .Kindly correct me
if i m wrong

Thanks for your prompt response

Date: Thu, 4 Feb 2010 12:04:19 +0100
Subject: Re: GEt vpn(design)
From: piotrk_at_ipexpert.com
To: faizankhurshid921_at_hotmail.com
CC: ccielab_at_groupstudy.com

Faizan,

Technically speaking yes - you have to configure them to be COOP for each
other. But in general KS is separate from GMs and does not participate in
protecting the data plane.

Regards,

--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Thu, Feb 4, 2010 at 11:36 AM, faizan khurshid
<faizankhurshid921_at_hotmail.com> wrote:
hello Expert
 i need to ask you regarding GET vpn desgin  .i know there is a KS server
which
used to encryption policies, such as interesting traffic, encryption
protocols, security association, rekey timers, and so on, are centrally
defined on the KS and are pushed down to all GMs at registration time.
 and  GM is an IOS router responsible for actual encryption and decryption
i.e. a device responsible to handle GET VPN data plane.
 i want clearification  can one router become   GM and KS server  both
simultaneously  .
 Thanks  in advance