Which two ways can the key server distribute the new keys to the group members during the rekey process?

– by 3

In a GET VPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)
A. multicast UDP transmission
B. multicast TCP transmission
C. unicast UDP transmission
D. unicast TCP transmission

cisco-exams

3 thoughts on “Which two ways can the key server distribute the new keys to the group members during the rekey process?

    1. no way
      Default – multucast udp
      Answer A C

      sh run | sec rekey
      rekey lifetime seconds 600
      rekey retransmit 10 number 2
      rekey authentication mypubkey rsa r1
      rekey transport unicast
      R4# crypto gdoi ks rekey

      % There has not been a GDOI policy change for group OUR-GETVPN, a rekey is not needed

      Are you sure you want to proceed ? [yes/no]: yes
      R4#
      *Dec 10 18:17:59.007: UDP: sent src=45.0.0.4(848), dst=15.0.0.1(848), length=896
      *Dec 10 18:17:59.035: UDP: sent src=45.0.0.4(848), dst=25.0.0.2(848), length=896
      *Dec 10 18:17:59.055: UDP: sent src=45.0.0.4(848), dst=35.0.0.3(848), length=896
      *Dec 10 18:17:59.059: %GDOI-5-KS_SEND_UNICAST_REKEY: Sending Unicast Rekey with policy-replace for group OUR-GETVPN from address 45.0.0.4 with seq # 1
      *Dec 10 18:17:59.067: UDP: rcvd src=25.0.0.2(848), dst=45.0.0.4(848), length=84
      *Dec 10 18:17:59.087: UDP: rcvd src=15.0.0.1(848), dst=45.0.0.4(848), length=84
      *Dec 10 18:17:59.111: UDP: rcvd src=35.0.0.3(848), dst=45.0.0.4(848), length=84

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.