User Guide for Cisco Security Manager 4.4
OL-28826-01

Chapter 28: Group Encrypted Transport (GET) VPNs
Cisco Group Encrypted Transport virtual private network (GET VPN) is a full-mesh VPN technology
that can be used in a variety of WAN environments, including IP and Multiprotocol Label Switching
(MPLS). GET VPN comprises a set of features that are necessary to secure IP multicast group traffic or
unicast traffic over a private WAN that originates on or flows through a Cisco IOS device. GET VPN
combines the keying protocol Group Domain of Interpretation (GDOI) with IP security (IPsec)
encryption to provide users with an efficient method to secure IP multicast or unicast traffic. GET VPN
enables the router to apply encryption to nontunneled (that is, “native”) IP multicast and unicast packets
and eliminates the requirement to configure tunnels to protect multicast and unicast traffic.
Cisco Group Encrypted Transport VPN provides the following benefits:
• Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic.
• Enables high-scale network meshes and eliminates complex peer-to-peer key management with group encryption keys.
• For Multiprotocol Label Switching (MPLS) networks, maintains network intelligence such as full-mesh connectivity, natural routing path, and Quality of Service (QoS).
• Grants easy membership control with a centralized key server.
• Helps ensure low latency and jitter by enabling full-time, direct communications between sites, without requiring transport through a central hub.
• Reduces traffic loads on customer premises equipment (CPE) and provider-edge (PE) encryption devices by using the core network for replication of multicast traffic, avoiding packet replication at each individual peer site.
Tip: For information about the CLI configuration of GET VPN, see Cisco Group Encrypted Transport VPN on Cisco.com.
This chapter contains the following topics:
• Understanding Group Encrypted Transport (GET) VPNs
• Understanding the GET VPN Registration Process
• Understanding the GET VPN Security Policy and Security Associations
• Configuring GET VPN
• Generating and Synchronizing RSA Keys
• Configuring the IKE Proposal for GET VPN