Question 93 of 530 from exam 400-251: CCIE Security written exam

C.

The VPN type that is based on the concept of trusted group members using the GDOI key management protocol is GETVPN (Group Encrypted Transport VPN).

GETVPN is a tunnel-less VPN technology that encrypts traffic between group members using IPsec. It allows multiple sites to communicate securely over a public network by encrypting traffic between group members. Unlike traditional VPN technologies such as site-to-site VPN or remote-access VPN, GETVPN does not require dedicated tunnels between sites or remote users.

GETVPN uses a trusted group model, where each group member is preconfigured with the same group security association (GSA) that contains the encryption keys and policies needed for IPsec encryption. The keys are distributed using the GDOI (Group Domain of Interpretation) protocol, which provides centralized key management for the group.

GETVPN can be used to secure any type of IP traffic, including multicast and non-IP traffic. It is often used in large enterprise networks to provide secure communication between multiple sites, data centers, and remote users.

To summarize, GETVPN is a tunnel-less VPN technology that uses the GDOI key management protocol to provide IPsec encryption between trusted group members. It is ideal for large enterprise networks that require secure communication between multiple sites and remote users.