Refer to the exhibit.
In this GETVPN setup, as soon as GM1 successfully registers with the key server oeKS, the BGP session between GM1 and its peering router in the provider network goes down. With the KS configuration listed below, what could be the reason for the BGP problem?
Crypto gdoi group group1
Identity number 3333
Server local
Rekey authentication mypubkey rsa getvpn-rsa-key
Rekey transport unicast
Sa ipsec 1
Profile gdoi-ip
Match address ipv4 ENCRYPT-POLICY
!
Ip access-list extend ENCRYPT-POLICY
Deny ospf any any
Deny eigrp any any
Deny ip 224.0.0.0 0.0.0.255 any
Deny ip any 224.0.0.0 0.0.0.255
Deny udp any eq 848 any eq 848
Permit ip any any
!
A.
GETVPN cannot run over MPLS provider backbone.
B.
The key server should exclude BGP from its encryption policy.
C.
GETVPN does support BGP running between CE and PE links, so IGP must be used.
D.
The key server should be configured as a BGP reflector.
E.
The rekey method should be configured as multicast on key server.