Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
7
Helpful
5
Replies

Setting up multicasting

idesofmarch
Level 1
Level 1

‎03-21-2005 08:38 AM - edited ‎03-02-2019 10:13 PM

I have a site using a Cisco 4506 and encyption device

a Cisco 3745 connecting via T1 to remote sites with

Cisco 2651 encrytpion device and Cisco 3725 connecting to a Cisco 3550. I would like to set up

multicasting, with each remote site as a multicast

group. Any suggestions??

Labels:
0 Helpful
5 Replies 5

thisisshanky
Level 11
Level 11

‎03-21-2005 08:49 AM

You can use Multicasting over GRE tunnel and setup an IPSEC tunnel over the GRE tunnel.

http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801a5aa2.shtml

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

idesofmarch
Level 1
Level 1
In response to thisisshanky

‎03-21-2005 10:13 AM

Is a GRE tunnel neccessary?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to idesofmarch

‎03-21-2005 10:57 AM

When you describe the sites as connected by encryption devices, it implies that you are using IPSec between these devices. I am sure that this is the assumption that Sankar made when he answered your question.

If the connections do use IPSec then yes GRE is required. The reason that GRE would be required is that IPSec processes unicast IP packets. Multicast will not pass over a pure IPSec connection. GRE gives the ability to send multicast and then is processed by IPSec.

If the connections between sites do not use IPSec then GRE may not be required. We would need to understand better how these sites are connected to be able to answer your question correctly.

HTH

Rick

HTH

Rick
0 Helpful

idesofmarch
Level 1
Level 1
In response to Richard Burts

‎03-22-2005 08:47 AM

thanks for replying, I was going to try the configuration that was suggested, but I don't have a test bed and will be trying it on a live network, is there any pitfalls to that configuration or additions

I should be aware of?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to idesofmarch

‎03-22-2005 09:39 AM

Am I correct in believing that you already have IPSec running successfully between these devices? If you do not have this already I would consider getting it going successfully to be the first and biggest of the potential pitfalls.

GRE tunnels are fairly simple to set up, you specify a tunnel number (in the interface name), specify a tunnel source (some people like to use a loopback interface while others like to use the outbound physical interface), specify a tunnel destination (as commented for source it could be a loopback, or physical interface), and assign an IP address on the tunnel. One potential pitfall to be aware of is the possibility of recursive routing problems. Essentially this problem occurs if the router learns the path to the tunnel destination via the tunnel itself (usually when you are running some routing protocol over the tunnel which advertises the subnet of the tunnel destination). So be sure that the router has a route to the tunnel destination that is not dependent on the tunnel.

If you already have IPSec running you probably already have an access list that identifies traffic to be protected by IPSec. This access list will change when you implement IPSec with GRE. The new version of the access list should permit GRE with a source of the tunnel source and destination of the tunnel destination.

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents