Wednesday, February 20, 2008

Tunnel-less VPN with Cisco Group Encrypted Transport (GET) - Part 1

Nowadays, the requirement for encrypted communication between business locations is part of the standard requirements from our customers. More and more regulatory laws force the use of encrypted communication.

The classic scalability issue with IPSec site-to-site encryption is that it requires each location to have a VPN to every other location. In other words, we will need N^2 tunnels defined on a network with N devices. This is obviously a non-scalable solution.

A partial list of this and other scalability issues of site-to-site VPNs:
  • Require a full mesh. In other words, require N^2 tunnels to be defined.
  • Create an overlay logical network over the network. In many cases, this also means having different routing tables: one for the encrypted path and one for the regular path.
  • Only basic QoS supported
  • Very inefficient multicast replication

To work around these issues, Cisco created the Group Encrypted Transport (GET) VPN. Among the benefits GET VPN offers are:
  • Scalable architecture
  • Any-to-any instant connectivity
  • Native routing with no overlays
  • Support for Advanced QoS
  • Efficient Multicast replication
  • Transport agnostic (works with private LAN/WAN, FR/ATM, IP, MPLS)

GET VPN defines one or more key servers, which authenticate group members and distribute keys and policies. The traffic is encrypted on an on-demand basis by the group members (i.e. the participant routers). Contrary to IPSec, which defines a new IP header, GET VPN preserves the original IP header and thus maintains the QoS and multicast information for the connection.
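The header difference described above, as an added example that is not from the original post: it builds the outer IPv4 header a transit router sees for a classic IPSec tunnel-mode packet and for a GET VPN packet. The addresses, SPIs and function names are assumptions made for illustration, and zero bytes stand in for the ciphertext.

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP

def checksum(header: bytes) -> int:
    """Internet checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, tos=0, ttl=64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_outer(packet: bytes) -> dict:
    """Fields a transit router can read without any key."""
    _, tos, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "dscp": tos >> 2, "proto": proto}

def esp_body(inner: bytes, spi: int, seq: int) -> bytes:
    # Simplified ESP: SPI + sequence number, then zeros in place of the
    # encrypted inner packet (IV, padding and ICV are left out).
    return struct.pack("!II", spi, seq) + bytes(len(inner))

def classic_tunnel(inner, local_gw, peer_gw, spi=0x1001, seq=1) -> bytes:
    # Point-to-point tunnel: outer addresses are the two VPN gateways.
    body = esp_body(inner, spi, seq)
    return ipv4_header(local_gw, peer_gw, ESP, len(body), tos=inner[1]) + body

def get_vpn(inner, spi=0x2001, seq=1) -> bytes:
    # Header preservation: outer addresses and TOS are copied from the inner header.
    body = esp_body(inner, spi, seq)
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    return ipv4_header(src, dst, ESP, len(body), tos=inner[1]) + body

# Constructed sample: a host sending to a multicast group, marked DSCP 46 (EF).
PAYLOAD = b"stream-data!"
INNER = ipv4_header("10.1.1.10", "239.1.1.1", 17, len(PAYLOAD), tos=46 << 2) + PAYLOAD

if __name__ == "__main__":
    print("classic:", parse_outer(classic_tunnel(INNER, "192.0.2.1", "198.51.100.1")))
    print("GET VPN:", parse_outer(get_vpn(INNER)))
```

With the classic layout the network only sees gateway-to-gateway unicast, so the multicast group address is hidden from it; with the GET layout the network can still route and replicate on the original addresses.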

Representation of an IP packet, IPSec Encrypted Packet and GET Encrypted Packet:

For more technical information on Cisco Group Encrypted Transport VPN visit this site.

The next part of this tutorial will cover actual configuration examples of GET VPN.

