is it a must in GVPN that all member must use the same key to communicate ?? or i can define different IPSEC SA to different match-policy ????
For example i have 3 members A & B & C , i want A & B to use a key different than they between A & C ?? is it possible ?
Standard IPsec security association (SA) is a one way directional agreement and a point-to-point tunnel between two security VPN devices.
Group VPN is a new category of VPN that introduces the concept of a trusted group to eliminate point-to-point tunnels in a mesh architecture. ). Group VPN works in a client/server architecture where each member in the group maintain individual IKE Phase 1 SA, but they all share a single common Phase 2 security association (SA), also known as a group SA (GSA. Because all the Group Members use the same key, any Member can decrypt the data that is encrypted by any other group member.
What you propose would negate one of the main benefits of Group VPN.