To understand GETVPN and its usability, you have to know that it’s a large-scale, almost-transport-mode IPsec implementation with shared keys, a group SA (to make multicast replication in the SP network work) and centralized policy and key management (which is the true value-add GETVPN brings).
GETVPN actually uses IPsec tunnel mode but reuses the original IP header as the IP header of the tunnel packet (header preservation), so the encrypted packet is routed exactly like the original one. Tunnel mode is used to avoid any interference with fragmentation/reassembly.
You cannot use GETVPN to transport data sent between hosts with private IP addresses across public IP infrastructure (for example, the Internet); the existing IP infrastructure of your network should provide end-to-end routing. GETVPN is thus best used to encrypt sensitive data travelling across private IP infrastructure (for example, data exchanged between MPLS/VPN sites or data sent across a VPLS cloud).
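The following toy model, added here as an illustration and not code from the article or from any GETVPN implementation, shows the consequence of header preservation described above: the outer header of the tunnel-mode ESP packet is built by copying the inner header and changing only the protocol, length and checksum, so a packet between two RFC 1918 hosts keeps RFC 1918 addresses on the outside and cannot be forwarded across the public Internet. Which fields beyond source, destination and ToS are carried over is an assumption of this model; the ESP payload is left in the clear where a real implementation would encrypt and authenticate it with the group key, and the ESP trailer/ICV is omitted.

```python
"""Toy model of GETVPN tunnel-mode ESP with IP header preservation (added example)."""
import ipaddress
import struct
from typing import Tuple

IP_PROTO_ESP = 50
IP_PROTO_UDP = 17
IPV4_HDR_LEN = 20
ESP_HDR_LEN = 8  # SPI + sequence number; ESP trailer and ICV omitted in this toy


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode a 20-byte IPv4 header without options into a dict of fields."""
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:IPV4_HDR_LEN])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) != 5:
        raise ValueError("only IPv4 without options is modelled here")
    return {"tos": tos, "total_len": total_len, "ident": ident,
            "flags_frag": flags_frag, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst))}


def build_ipv4_header(tos: int, total_len: int, ident: int, flags_frag: int,
                      ttl: int, proto: int, src: str, dst: str) -> bytes:
    """Encode an IPv4 header without options and fill in its checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, flags_frag,
                      ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def getvpn_encapsulate(inner_pkt: bytes, spi: int, seq: int) -> bytes:
    """Tunnel-mode ESP whose outer header is a copy of the inner header.

    Only total length, protocol (ESP) and checksum change. Copying ident,
    flags and TTL as well is this model's assumption about header preservation.
    """
    inner = parse_ipv4_header(inner_pkt)
    esp_hdr = struct.pack("!II", spi, seq)
    payload = inner_pkt  # stand-in: real ESP encrypts and authenticates this with the group key
    outer = build_ipv4_header(
        tos=inner["tos"],
        total_len=IPV4_HDR_LEN + ESP_HDR_LEN + len(payload),
        ident=inner["ident"], flags_frag=inner["flags_frag"], ttl=inner["ttl"],
        proto=IP_PROTO_ESP, src=inner["src"], dst=inner["dst"])
    return outer + esp_hdr + payload


def getvpn_decapsulate(outer_pkt: bytes) -> Tuple[int, int, bytes]:
    """Return (SPI, sequence number, inner packet) from a tunnel packet built above."""
    outer = parse_ipv4_header(outer_pkt)
    if outer["proto"] != IP_PROTO_ESP:
        raise ValueError("not an ESP packet")
    spi, seq = struct.unpack("!II", outer_pkt[IPV4_HDR_LEN:IPV4_HDR_LEN + ESP_HDR_LEN])
    return spi, seq, outer_pkt[IPV4_HDR_LEN + ESP_HDR_LEN:outer["total_len"]]


def routable_across_public_internet(outer_pkt: bytes) -> bool:
    """With header preservation the outer addresses are the end hosts' own;
    if either is private, the tunnel packet cannot cross the public Internet."""
    h = parse_ipv4_header(outer_pkt)
    return not (ipaddress.IPv4Address(h["src"]).is_private
                or ipaddress.IPv4Address(h["dst"]).is_private)


def make_sample_inner_packet(src: str = "10.1.1.10", dst: str = "10.2.2.20") -> bytes:
    """Constructed sample: a small UDP datagram, by default between two RFC 1918 hosts."""
    payload = b"hello from site A"
    udp = struct.pack("!HHHH", 40000, 5060, 8 + len(payload), 0) + payload
    hdr = build_ipv4_header(tos=0xB8, total_len=IPV4_HDR_LEN + len(udp), ident=0x1234,
                            flags_frag=0x4000, ttl=64, proto=IP_PROTO_UDP, src=src, dst=dst)
    return hdr + udp


if __name__ == "__main__":
    inner = make_sample_inner_packet()
    outer = getvpn_encapsulate(inner, spi=0x1000, seq=1)
    print(parse_ipv4_header(outer))
    print("routable across the Internet:", routable_across_public_internet(outer))
```

Run as a script, the model prints the outer header of the tunnel packet (same 10.x addresses and ToS as the original, protocol 50, length grown by 28 bytes) and reports that the packet is not routable across the public Internet, which is exactly why GETVPN needs the underlying network to provide end-to-end routing between the protected hosts.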
To learn more about GETVPN and other VPN technologies and implementations, register for the next session of the Choose the Optimal VPN Service webinar. You’ll find more GETVPN technical details and design guidelines in the Designing Site-to-Site IPsec VPNs - Part 5 IP Corner article.