Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
2
Replies

IPSec tunneling involving Multicast

matthew.scala
Level 1
Level 1

‎09-24-2004 07:34 AM - edited ‎02-21-2020 01:21 PM

Question.. my workcenter would like to set up a way to have our wireless/VPN users access IPTV content on our network. We will be using a VPNSM for the 6500 & will be implementing IPSec for encryption purposes. My research has concluded that IPsec does not directly support multicast as it was originally designed to encrypt unicast traffic only. Would it be possible to encapsulate the multicast traffic within a GRE tunnel & then encapsulate the GRE tunnel inside an IPSec tunnel? Any information is appreciated. Thanks for your time.

- Matt

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎09-24-2004 08:03 AM

You are correct that IPSec is designed to handle unicast traffic not multicast. I have a customer who has implemented a lot of IPSec and needs multicast support. The solution we adopted is IPSec and GRE tunnels. It supports multicast very well. I think there is a significant difference between our implementation and what you are describing. In our implementation the GRE tunnels are between routers. I am guessing from your description that your IPSec is between the user PC and the 6500. I am not sure that GRE works between PC and router/switch.

HTH

Rick

HTH

Rick
0 Helpful

matthew.scala
Level 1
Level 1
In response to Richard Burts

‎09-24-2004 09:17 AM

Rick,

Our VPN/wireless setup currently consists of multiple AP's that span across the base. These AP's connect back to the local closet switches, which then connect back to the ITN's (6500 L3.) A VPN concentrator is connected to one of the ITN's on both the public & private side. Separate VLAN/subnet for the public side & for the private side. Currently.. we are using Cisco's 3000 series VPN Concentrator which does NOT support multicast. As I stated previously, we ordered a VPN Services Module for one of our 6500's. The plan is to migrate the existing users from the 3000 Concentrator over to the 6500 with the VPNSM. Because these users are authenticating through the VPN.. an IPSec tunnel will be established all the way to the client. The GRE tunnels will work between the routers obviously. What I need to know is how can I get this to work so that the multicast traffic is carried all the way to the client? Thanks again.

- Matt

0 Helpful
Customers Also Viewed These Support Documents