GETVPN and IPsec are both VPN technologies that use ESP (Encapsulating Security Payload) to encrypt and authenticate data packets. However, they differ in the following aspects:
GETVPN uses a group IPsec security paradigm: all group members share the same IPsec SA (Security Association) and can communicate with each other without having to establish point-to-point tunnels. IPsec, on the other hand, uses a pair-wise IPsec security paradigm, which requires each pair of devices to negotiate and maintain its own IPsec SAs and tunnels.
GETVPN uses GDOI (Group Domain of Interpretation) as its key management protocol, which allows a Key Server (KS) to distribute the encryption keys and policies to all group members. IPsec uses IKE (Internet Key Exchange) as its key management protocol, which involves two phases of negotiation between each pair of devices to establish the IPsec SAs.
GETVPN supports multicast traffic without the need for GRE (Generic Routing Encapsulation) tunneling, as it preserves the original IP header of the packet. IPsec does not support multicast traffic natively, and requires GRE tunneling to encapsulate the multicast packets with a new IP header.
GETVPN relies on the underlying WAN routing to deliver the encrypted packets to the destination, because it does not create any overlay routing. IPsec tunnels create a routing overlay, which may introduce additional latency and complexity.
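The group and pair-wise paradigms described above, shown as an added Cisco IOS configuration sketch (not from the original page or from Cisco documentation). All names, addresses, the identity number and the pre-shared key placeholder are constructed for illustration, and the RSA key pair labelled GETVPN-REKEY is assumed to exist already on the Key Server.

```cisco
! ---- Key Server (KS): holds the group policy and distributes keys via GDOI ----
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
! One entry per group member that registers (192.0.2.11 is a constructed GM address)
crypto isakmp key <PSK-PLACEHOLDER> address 192.0.2.11
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha256-hmac
crypto ipsec profile GETVPN-PROFILE
 set transform-set GETVPN-TS
! Traffic the whole group must encrypt; pushed to members by the KS
ip access-list extended GETVPN-ACL
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  ! Rekey messages are signed with the KS RSA key (assumed pre-generated)
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-ACL
  address ipv4 192.0.2.1
!
! ---- Group Member (GM): identical on every member, no per-peer entries ----
! (ISAKMP policy 10 as on the KS, used only to register with the KS)
crypto isakmp key <PSK-PLACEHOLDER> address 192.0.2.1
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 192.0.2.1
! The map references the group, not a peer; SAs and policy arrive from the KS
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GROUP
interface GigabitEthernet0/0
 crypto map GETVPN-MAP
!
! ---- Pair-wise IPsec for contrast: one entry like this per remote device ----
! (P2P-TS and P2P-ACL are constructed names, defined separately)
crypto map P2P-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set P2P-TS
 match address P2P-ACL
```

The group member carries no `set peer`, transform set or ACL of its own, which is the practical consequence of the shared SA; the pair-wise map repeats all three for every remote device.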
What is a difference between GETVPN and IPsec?
Explanation
Diffie-Hellman (DH) uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm; it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.