In a GET VPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)
A. multicast UDP transmission
B. multicast TCP transmission
C. unicast UDP transmission
D. unicast TCP transmission
https://www.cisco.com/c/en/us/support/docs/security/group-encrypted-transport-vpn/118125-technote-getvpn-00.html
A D
no way
Default – multucast udp
Answer A C
sh run | sec rekey
rekey lifetime seconds 600
rekey retransmit 10 number 2
rekey authentication mypubkey rsa r1
rekey transport unicast
R4# crypto gdoi ks rekey
% There has not been a GDOI policy change for group OUR-GETVPN, a rekey is not needed
Are you sure you want to proceed ? [yes/no]: yes
R4#
*Dec 10 18:17:59.007: UDP: sent src=45.0.0.4(848), dst=15.0.0.1(848), length=896
*Dec 10 18:17:59.035: UDP: sent src=45.0.0.4(848), dst=25.0.0.2(848), length=896
*Dec 10 18:17:59.055: UDP: sent src=45.0.0.4(848), dst=35.0.0.3(848), length=896
*Dec 10 18:17:59.059: %GDOI-5-KS_SEND_UNICAST_REKEY: Sending Unicast Rekey with policy-replace for group OUR-GETVPN from address 45.0.0.4 with seq # 1
*Dec 10 18:17:59.067: UDP: rcvd src=25.0.0.2(848), dst=45.0.0.4(848), length=84
*Dec 10 18:17:59.087: UDP: rcvd src=15.0.0.1(848), dst=45.0.0.4(848), length=84
*Dec 10 18:17:59.111: UDP: rcvd src=35.0.0.3(848), dst=45.0.0.4(848), length=84