
Use Case for Configuring Group VPN


Today’s networks support critical applications such as distributed computing, voice, and video over IP, which all require real-time branch-to-branch communication. With the increasing use of applications that are highly sensitive to latency and other delays, enterprise networks are tending toward meshed configurations where remote sites are directly connected to each other rather than through a central site. To provide the required infrastructure for supporting such applications and technologies, large service provider and enterprise networks implement any-to-any connectivity through IP VPNs and MPLS networks.

Although IP VPN and MPLS services separate enterprise traffic from the public Internet to provide security, there is an increasing need for enterprises to also encrypt private WANs that are built using service provider networks such as BGP over MPLS. In recent years, government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI DSS), mandate encryption even over private IP networks.

Hub-and-spoke VPNs solve the problem of secure communication for enterprise WANs over the public Internet. For private IP and MPLS networks, group VPN addresses the above-mentioned issues across multiple sites using a group IPsec security paradigm.

Group VPN on MX Series routers with MS-MIC-16G or MS-MPC-PIC line cards provides tunnel-less any-to-any encryption between devices in a private IP and MPLS network. Each device is a group member, using the same IPsec security association (SA) pair and keys provided by one or more Cisco Group Controllers or Key Servers (GC/KS).

Group VPN is manageable and scalable. It provides any-to-any encrypted communication by replacing statically configured pair-wise IKE connections per peer with a dynamic group key management system. By providing encryption across private IP and MPLS networks, the group VPN implementation simplifies the management of secure branch-to-branch communication.

In addition to simplified key management, reduced latency, and improved any-to-any connectivity capabilities, group VPN also encrypts all WAN traffic, providing security compliance for internal governance and regulations.

Configuring group VPN provides an innovative and scalable solution to protect enterprise traffic as it passes through the meshed private WAN. Group VPN optimizes network utilization and provides increased revenue by maintaining full-mesh connectivity and routing paths with existing MPLS backbones, eliminating the management and performance cost of a traditional full-mesh network.