Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Group VPNs in Group VPNv2 on Routing Devices

You can configure an MX Series router with MS-MIC-16G and MS-MPC-PIC line cards to provide the Group VPNv2 member functionality support with one or more Cisco group controllers or key servers (GC/KSs). The group members can connect to a maximum of four Cisco GC/KSs with minimum interoperability with the cooperative servers.

The Group VPNv2 feature also provides system logging support for the Group VPNv2 functionality, and routing instance support for both control and data traffic.

Before you begin:

  1. Configure the routers for network communication.

  2. Configure the Cisco GC/KS.

  3. Configure the group member device interfaces.

  4. Configure a static route to reach the group server.

To configure a Group VPNv2 member, complete the following tasks:

  1. In configuration mode, go to the following hierarchy level:
  2. Define the IKE proposal.
  3. Configure the Phase 1 SA for the IKE proposal.
  4. Define the IKE policy.
  5. Set the remote gateways for the IKE gateway group.
    Note:

    To configure a group member to connect to multiple group servers, add the IP address of all the servers to the remote IKE gateway group configuration.

    For example,

  6. Configure the group identifier and IKE gateway for the remote gateway group.
  7. In configuration mode, go to the following hierarchy level:
  8. Configure the service set for the remote gateway group.
    Note:

    The service set has to be applied on the interface connecting to the other group member.

    For example:

  9. Verify and commit the configuration.

    For example:

Related Documentation