Monday, July 1, 2019

GETVPN for DMVPN or GRE traffic?

Curious, did anyone manage to get GETVPN running on an underlay network, for example normal internet links, with the KS providing SAs to encrypt traffic passing through a GRE tunnel?

I tried labbing this in a virtual environment with GETVPN running on the overlay, and I was able to encrypt traffic passing through the tunnel with ESP, but with the GRE header showing in the clear in a Wireshark capture... Could this be normal?

With another, different config I managed to get GETVPN running on the underlay, this time with the GRE header successfully being encrypted with ESP, but I'd get GETVPN error messages on the GMs that something went wrong exchanging info with the KS.

As far as my understanding goes, GETVPN preserves the inner IP header, making it useful for underlay networks that are, for example, private and where the underlay network devices are aware of the source and destination networks. Somehow I want the KS to provision SAs to the GMs, so that the GMs can encrypt tunnel traffic that the underlay should not be aware of, for cases like the internet being used as an underlay.

Any info is appreciated.


