Your organization is working on a design solution for a new Internet-based remote access virtual private network that has 1000 remote sites.
A network administrator recommends GETVPN as the model because the network of today uses DMVPN, which results in a lot of background NHRP control traffic.
What is a potential problem with using GETVPN for this design solution?
A. B. C. D.D.
GET VPN (Group Encrypted Transport VPN) is a model that provides encryption and authentication services to protect multicast and unicast traffic. It is a solution designed to offer scalable, secure, and easy-to-manage encryption for any type of traffic, and it allows for efficient and secure distribution of traffic keys to the members of a VPN group.
When it comes to remote access VPNs, GET VPN offers several advantages over other VPN models, such as DMVPN (Dynamic Multipoint VPN), which can generate a considerable amount of background NHRP (Next Hop Resolution Protocol) control traffic that may not be desirable in some scenarios. However, GET VPN also has its limitations and potential problems, which must be considered in the design of a remote access VPN for 1000 sites.
The potential problem with using GET VPN for this design solution is option B: GET VPN is not scalable to a large number of remote sites. GET VPN is a model that is better suited for small to medium-sized networks with a limited number of VPN group members. As the number of VPN group members increases, the complexity of the configuration and management of GET VPN may become overwhelming, and the scalability of the solution may be limited.
In the case of a remote access VPN with 1000 sites, GET VPN may not be the best choice, as it could potentially generate a high level of background traffic to maintain its IPsec SAs (Security Associations), which could impact the network's performance. Additionally, the deployment of GET VPN may require key servers to be located in public, hacker-reachable spaces, which could increase the risk of a security breach (option D). However, these issues are not as critical as the lack of scalability of GET VPN for a large number of remote sites.
In summary, while GET VPN may offer some advantages over other VPN models for remote access VPNs, it is important to consider its limitations, such as its scalability for a large number of VPN group members. Other factors, such as the amount of background traffic generated by the solution, the security of key servers, and the interoperability with other VPN models, should also be taken into account when designing a remote access VPN for 1000 sites.