Conventional mechanisms exist for denoting such a communications group
(group) and for establishing point-to-point, or unicast, secure
connections between members of the communications group. In a particular
arrangement, group members employ a group key, operable for multicast
security, for unicast communication as well, thus avoiding the need to
establish additional unicast keys for each communication between group
members. The recipient of such a unicast message may not know the source;
the use of the group key, however, assures the recipient that the sender
is a member of the same group. Accordingly, a system that enumerates a set
of subranges (subnets) included in a particular group, such as a VPN, and
establishes a group key corresponding to the group applies the group key to
communications from the group members in the subnet. The group key is
associated with the group ID by enumerating the address prefixes
corresponding to each of the subnets in the group, and examining outgoing
transmissions for destination addresses matching one of the address
prefixes corresponding to the group.
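
The prefix-to-group-key association described above can be sketched as a lookup table. This is an added example, not code from the original document. The class and function names, the sample groups and prefixes, the longest-prefix tie-break for overlapping prefixes, and the additional check that the source also belongs to the group are all assumptions.

```python
import ipaddress

class GroupKeyTable:
    """Associates each group ID with its enumerated subnet prefixes and a key handle."""

    def __init__(self):
        self._entries = []  # list of (network, group_id, key_ref)

    def add_group(self, group_id, key_ref, prefixes):
        # key_ref is a placeholder handle for the group key, never key material.
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix, strict=True)
            self._entries.append((net, group_id, key_ref))

    def lookup(self, addr):
        """Return (group_id, key_ref) for the most specific matching prefix, or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, group_id, key_ref in self._entries:
            if ip.version == net.version and ip in net:
                # Assumption: overlapping prefixes resolve to the longest match.
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, group_id, key_ref)
        return None if best is None else (best[1], best[2])

    def select_key(self, src, dst):
        """Examine an outgoing transmission and pick the group key, if any.

        None means no group key applies; what happens to that packet is left
        to the caller's policy (not specified in the text above).
        """
        dst_match = self.lookup(dst)
        if dst_match is None:
            return None  # destination is outside every enumerated prefix
        src_match = self.lookup(src)
        # Assumption: the sender must sit in a subnet of the same group.
        if src_match is None or src_match[0] != dst_match[0]:
            return None
        return dst_match[1]

def build_sample_table():
    """Constructed sample data: two groups with one overlapping prefix."""
    table = GroupKeyTable()
    table.add_group("vpn-a", "key-vpn-a", ["10.1.0.0/16", "10.2.0.0/24"])
    table.add_group("vpn-b", "key-vpn-b", ["10.1.5.0/24", "2001:db8:b::/48"])
    return table
```

Returning `None` rather than a default key keeps traffic to non-member destinations from being protected with a key the recipient does not hold.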