Cisco IOS Software Release 12.4(11)T
Corporate Headquarters
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Group Encrypted Transport VPN
First Published: November 17, 2006
Last Updated: October 2, 2011
Note
Effective with Cisco IOS 12.4(11)T, the Multicast Rekeying feature information (originally published as
Cisco IOS Release 12.4(6)T [titled Secure Multicast]) has been integrated into this document.
Today’s networked applications, such as voice and video, are accelerating the need for instantaneous,
branch-interconnected, and Quality of Service- (QoS-) enabled WANs. The distributed nature of these
applications results in increased demands for scale. At the same time, enterprise WAN technologies
force businesses to trade off between QoS-enabled branch interconnectivity and transport security. As
network security risks increase and regulatory compliance becomes essential, Cisco Group Encrypted
Transport VPN (GET VPN) eliminates the need to compromise between network intelligence and data
privacy.
GET VPN eliminates the need for tunnels. By removing the need for point-to-point tunnels, meshed
networks are able to scale higher while maintaining network-intelligence features that are critical to
voice and video quality, such as QoS, routing, and multicast. GET VPN offers a new standards-based IP
security (IPsec) security model that is based on the concept of “trusted” group members. Trusted
member routers use a common security methodology that is independent of any point-to-point IPsec
tunnel relationship.
GET VPN is a set of features that are necessary to secure IP multicast group traffic or unicast traffic over
a private WAN that originates on or flows through a Cisco IOS device. GET VPN combines the keying
protocol Group Domain of Interpretation (GDOI) with IPsec encryption to provide users with an
efficient method to secure IP multicast traffic or unicast traffic. GET VPN enables the router to apply
encryption to nontunneled (that is, “native”) IP multicast and unicast packets and eliminates the
requirement to configure tunnels to protect multicast and unicast traffic.
Cisco Group Encrypted Transport VPN provides the following benefits:
• Provides data security and transport authentication, helping to meet security compliance and
  internal regulation by encrypting all WAN traffic
• Enables high-scale network meshes and eliminates complex peer-to-peer key management with
  group encryption keys
• For Multiprotocol Label Switching (MPLS) networks, maintains network intelligence (such as
  full-mesh connectivity, natural routing path, and QoS)