Cisco IOS Software Release 12.4(11)T
Cisco Group Encrypted Transport VPN
Cisco IOS Security Configuration Guide
Restrictions for Cisco Group Encrypted Transport VPN
• The following platforms can be configured only as shown:
  – Cisco 870 series routers: as a group member only
• If you are encrypting high packet rates with count-based anti-replay, do not make the SA lifetime
  too long: at high rates the sequence number can wrap within a few hours. For example, if the packet
  rate is 100 kilopackets per second, configure the lifetime as less than 11.93 hours so that the SA
  is replaced before its sequence number wraps.
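As an added example (not code from the Cisco guide), the following Python helper checks a configured SA lifetime against the count-based anti-replay restriction above. It assumes a 32-bit sequence number, which is the counter width that the guide's 11.93-hour figure at 100 kpps corresponds to; the margin parameter is an assumed safety factor, not a Cisco setting.

```python
"""Check a GET VPN SA lifetime against the sequence-number wrap limit.

Added example, not from the Cisco guide. Assumes a 32-bit ESP sequence
counter (2**32 packets per SA); widen SEQ_BITS if extended sequence numbers
are in use.
"""

SEQ_BITS = 32  # assumption: standard 32-bit sequence number


def packets_until_wrap(seq_bits=SEQ_BITS):
    """Number of packets an SA can carry before its sequence number wraps."""
    return 2 ** seq_bits


def max_sa_lifetime_seconds(packet_rate_pps, seq_bits=SEQ_BITS):
    """Longest lifetime (s) a sustained packet rate allows before the counter wraps."""
    if packet_rate_pps <= 0:
        raise ValueError("packet rate must be positive")
    return packets_until_wrap(seq_bits) / packet_rate_pps


def max_sa_lifetime_hours(packet_rate_pps, seq_bits=SEQ_BITS):
    """Same bound expressed in hours (100 kpps -> about 11.93 h)."""
    return max_sa_lifetime_seconds(packet_rate_pps, seq_bits) / 3600


def lifetime_is_safe(packet_rate_pps, lifetime_seconds, seq_bits=SEQ_BITS, margin=1.0):
    """True if the lifetime ends before the counter wraps.

    margin < 1.0 (assumed operator choice) keeps headroom for traffic bursts
    above the planned rate.
    """
    return lifetime_seconds <= margin * max_sa_lifetime_seconds(packet_rate_pps, seq_bits)


def max_safe_rate_pps(lifetime_seconds, seq_bits=SEQ_BITS, margin=1.0):
    """Highest sustained packet rate a given lifetime tolerates without wrapping."""
    if lifetime_seconds <= 0:
        raise ValueError("lifetime must be positive")
    return margin * packets_until_wrap(seq_bits) / lifetime_seconds


if __name__ == "__main__":
    rate = 100_000  # the guide's example rate: 100 kilopackets per second
    print(f"max lifetime at {rate} pps: {max_sa_lifetime_hours(rate):.2f} h")
    for lifetime_h in (8, 11, 12):
        ok = lifetime_is_safe(rate, lifetime_h * 3600, margin=0.8)
        print(f"  lifetime {lifetime_h:>2} h with 20% headroom -> {'ok' if ok else 'TOO LONG'}")
    print(f"24 h lifetime tolerates at most {max_safe_rate_pps(24 * 3600):.0f} pps")
```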
Information About Cisco Group Encrypted Transport VPN
To configure GET VPN, you should understand the following concepts:
Cisco Group Encrypted Transport VPN Overview
Today’s networked applications, such as voice and video, are accelerating the necessity for
instantaneous, branch-interconnected, and QoS-enabled WANs. And the distributed nature of these
applications results in increased demands for scale. At the same time, enterprise WAN technologies
force businesses to trade off between QoS-enabled branch interconnectivity and transport security. As
network security risks increase and regulatory compliance becomes essential, GET VPN, a
next-generation WAN encryption technology, eliminates the need to compromise between network
intelligence and data privacy.
With the introduction of GET, Cisco now delivers a new category—tunnel-less VPN—that eliminates
the need for tunnels. By removing the need for point-to-point tunnels, meshed networks can scale higher
while maintaining network-intelligence features critical to voice and video quality. GET offers a new
standards-based security model that is based on the concept of “trusted” group members. Trusted
member routers use a common security methodology that is independent of any point-to-point IPsec
tunnel relationship. By using trusted groups instead of point-to-point tunnels, “any-any” networks can
scale higher while maintaining network-intelligence features (such as QoS, routing, and multicast),
which are critical to voice and video quality.
GET-based networks can be used in a variety of WAN environments, including IP and Multiprotocol
Label Switching (MPLS). MPLS VPNs that use this encryption technology are highly scalable,
manageable, and cost-effective, and they meet government-mandated encryption requirements. The
flexible nature of GET allows security-conscious enterprises either to manage their own network
security over a service provider WAN service or to offload encryption services to their providers. GET
simplifies securing large Layer 2 or MPLS networks that require partial or full-mesh connectivity.