Do you need an on-demand fully-meshed (any-to-any) topology using IPsec in your network? And you want simplicity in configuration? Among various implementations of the IPsec the Cisco`s Group Encrypted Transport VPN (GET VPN) is the solution in this case.

Boštjan Šuštar, an internetworking expert at NIL Data Communications, in his fifth article about IPsec implementations in Cisco IOS, explains GET VPNs and their predecessor, the Tunnel Endpoint Discovery (TED). Boštjan first provides an overview of the requirements, advantages and disadvantages of TED and then focuses on GET VPNs. He describes the control plane (full-mesh topology for user data) and the data plane (hub-and-spoke topology for IKE control sessions) of the solution. Special attention is given to high availability, performance and scalability as the key server can easily become the central point of failure. Design recommendations and configuration examples are provided as well.