Re: GEt vpn(design) from Piotr Kaluzny on 2010-02-04 (Ccielab archives /201002)

From: Piotr Kaluzny <piotrk_at_ipexpert.com>
Date: Thu, 4 Feb 2010 13:02:44 +0100

Faizan,

In your scenario, which is having three routers, e.g. A, B and C, this would
mean that routers B&C should be secondary for router A and router A should
be secondary for B&C. A could then register to B or C, whereas B or C could
register to A.

On Thu, Feb 4, 2010 at 12:32 PM, faizan khurshid <
faizankhurshid921_at_hotmail.com> wrote:

> @Piotr ,@ Cristian.
>
> Coop for each other mean primary key server and secondary key server and
> then work GM as well
>
> let say i have 3 Perimeter Router one become primary key server as well
> as GM and others two will work as GM and
> secondary key servers
>
> Above statement is understanding of mine from your post .Kindly correct
> me if i m wrong
>
> Thanks for your prompt response
>
>
>
>
> ------------------------------
> Date: Thu, 4 Feb 2010 12:04:19 +0100
> Subject: Re: GEt vpn(design)
> From: piotrk_at_ipexpert.com
> To: faizankhurshid921_at_hotmail.com
> CC: ccielab_at_groupstudy.com
>
>
> Faizan,
>
> Technically speaking yes - you have to configure them to be COOP for each
> other. But in general KS is separate from GMs and does not participate in
> protecting the data plane.
>
> Regards,
> --
> Piotr Kaluzny
> CCIE #25665 (Security), CCSP, CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> On Thu, Feb 4, 2010 at 11:36 AM, faizan khurshid <
> faizankhurshid921_at_hotmail.com> wrote:
>
> hello Expert
> i need to ask you regarding GET vpn desgin .i know there is a KS server
> which
> used to encryption policies, such as interesting traffic, encryption
> protocols, security association, rekey timers, and so on, are centrally
> defined on the KS and are pushed down to all GMs at registration time.
> and GM is an IOS router responsible for actual encryption and decryption
> i.e. a device responsible to handle GET VPN data plane.
> i want clearification can one router become GM and KS server both
> simultaneously .
>
>
> Thanks in advance
>
>
> _________________________________________________________________
> Hotmail: Trusted email with powerful SPAM protection.
> https://signup.live.com/signup.aspx?id=60969
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
> Hotmail: Trusted email with powerful SPAM protection. Sign up now.<https://signup.live.com/signup.aspx?id=60969>
>

-- 
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Blogs and organic groups at http://www.ccie.net

Received on Thu Feb 04 2010 - 13:02:44 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART