Tuesday, June 1, 2010

GET - Group Encrypted Transport
Secure Connectivity Simplifed.

Cisco's GDOI interpretation for IOS provides a simple and effective way to protect traffic between networks without the overhead of tedious, repetive manual configuration headaches.

The following example illustrates how a central key server can specify traffic to be encrypted.

Key server configuration:

crypto gdoi group myGDOI
identity number 99
server local
rekey algorithm aes 128
rekey retransmit 10 number 2
rekey authentication mypubkey rsa GET-gdoi-key
rekey transport unicast
authorization address ipv4 GET_list
sa ipsec 1
profile gdoi-profile
match address ipv4 GET_traffic
replay counter window-size 64
address ipv4

crypto ipsec profile gdoi-profile
set security-association lifetime seconds 900
set transform-set ccie

Extended IP access list getvpn_traffic
10 permit ip
20 permit ip

No comments:

Post a Comment