SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Group VPN

    Posted 05-30-2017 12:16

    Is it a must in GVPN that all members use the same key to communicate? Or can I define a different IPsec SA for a different match-policy?

    For example, I have 3 members: A, B and C. I want A & B to use a key different than the key between A & C. Is it possible?



  • 2.  RE: Group VPN
    Best Answer

    Posted 05-30-2017 20:33

    Yes.

    A standard IPsec security association (SA) is a one-way directional agreement and a point-to-point tunnel between two security VPN devices.

    Group VPN is a new category of VPN that introduces the concept of a trusted group to eliminate point-to-point tunnels in a mesh architecture. Group VPN works in a client/server architecture where each member in the group maintains an individual IKE Phase 1 SA, but they all share a single common Phase 2 security association (SA), also known as a group SA (GSA). Because all the Group Members use the same key, any Member can decrypt the data that is encrypted by any other group member.

    What you propose would negate one of the main benefits of Group VPN.