Cisco Cisco 1800 2800 3800 8-Port Async Sync EIA-232 Serial High-Speed WIC
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco/Verizon Public Information.
Introduction
Group Encrypted Transport VPN (GETVPN) is a tunnel-less technology that provides end-to-end security for voice,
video, and data in a native mode for a fully meshed network. Group Encrypted Transport VPN extends standard
IP Security (IPsec) with the concept of trusted group members to provide secure any-to-any communication over a
variety of network infrastructures. The main benefits over existing VPN solutions include:
● Large-scale any-to-any encrypted communications
● Native routing without tunnel overlay
● Transport agnostic:
  ◦ Private WAN and LAN
  ◦ Frame Relay
  ◦ Multiprotocol Label Switching (MPLS)
  ◦ Third- and fourth-generation (3G and 4G) with Verizon Wireless Dynamic Mobile Network Routing (DMNR)
● Centralized management of policies and keys in the key server
The immediate and long-term benefits of implementing Group Encrypted Transport VPN include:
● Minimal configuration of crypto endpoints
  ◦ All devices, with the exception of key servers, share the same configuration, so there is less chance of
    making mistakes. There is no peer configuration and there are no crypto access control lists (ACLs).
● Native routing
  ◦ No modifications are required to the existing routing protocol configuration.
● No tunnel overlay
  ◦ There is no additional complexity of generic routing encapsulation (GRE) tunnels and Next Hop Resolution
    Protocol (NHRP), as there is with Dynamic Multipoint VPN (DMVPN). There are no secondary routing
    protocols over the tunnels.
● Group encryption
  ◦ Group Encrypted Transport VPN minimizes latency because traffic is not encrypted on a per-link
    basis; it is encrypted only at the source (ATM or branch office) and decrypted at the destination
    (headquarters or data center).
● RF usage conservation
  ◦ With only VPN there are no frequent periodic keepalives, for example Dead Peer Detection (DPD) and
    Internet Key Exchange (IKE).
  ◦ Group member (GM) re-registrations are at 3600 seconds and the ISAKMP (Internet Security Association
    and Key Management Protocol) SA lifetime is 24 hours, resulting in very low RF usage because
    encryption is used.
● High availability