Multicast over VPN issue

nijohansson
Level 1

What would be the best design if you want to send multicast traffic over the Internet using a LAN-to-LAN VPN with PIX Firewalls?

Use GRE tunnels on a router before the PIX? But what would you do with unicast traffic then? Send that via the GRE tunnel and maybe turn on e.g. EIGRP to lessen the number of static routes required?

All inputs are welcomed.

Regards

/Nils

3 Replies

b.speltz
Level 4

You first might want to try and generate the multicast packets outside the firewall. What multicast application are you running? If it's absolutely necessary to go through the firewall, you'll most likely have to go through a GRE.

rbharania
Level 1

Nils -

Neither the PIX nor IPSEC currently supports multicast. This means you've got to tunnel it in something. GRE is an answer here. Your crypto map access-lists would be configured to encrypt GRE from your GRE router as well as any unicast traffic you wanted to ship across the crypto tunnel as well.

What this means, of course, is that you've got to have a router on either end of your VPN to be the GRE tunnel endpoints.

Hope this helps

-Rakesh

mlondon
Level 1

I have recently finished building a VPN network for a customer - a central office and 4 branch office locations. The central site has an IOS-router behind a PIX FW. The central IOS-router terminates GRE-tunnels to the remote IOS-routers. IPSEC-tunnels encapsulate the GRE-tunnels between the remote IOS-routers and the PIX FW. This configuration gives my customer the possibility to run multicast traffic.
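A configuration sketch of the GRE-inside-IPsec design discussed in this thread, shown for one site with a router behind the PIX as GRE endpoint. It is an added example, not part of any post above; it assumes IOS and PIX 6.x command syntax, and every address, name, the EIGRP AS number and the key placeholder are constructed.

```cisco
! --- Site A IOS router behind the PIX (GRE endpoint). Addresses are constructed. ---
ip multicast-routing
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ip pim sparse-dense-mode
 tunnel source 10.1.1.2
 tunnel destination 10.2.1.2
!
interface FastEthernet0/0
 description LAN with multicast sources and receivers
 ip address 10.1.10.1 255.255.255.0
 ip pim sparse-dense-mode
!
interface FastEthernet0/1
 description Link to PIX inside interface (10.1.1.1)
 ip address 10.1.1.2 255.255.255.0
!
! EIGRP runs only on the LAN and the tunnel, so LAN unicast follows the GRE tunnel too.
router eigrp 100
 network 10.1.10.0 0.0.0.255
 network 172.16.0.0 0.0.0.3
 no auto-summary
!
! Host route keeps the tunnel destination reachable outside the tunnel itself
! (prevents recursive routing if the peer prefix is ever learned over Tunnel0).
ip route 10.2.1.2 255.255.255.255 10.1.1.1

: --- Site A PIX (6.x syntax assumed). Peer 192.0.2.2 is a documentation address. ---
: Only router-to-router GRE is selected for encryption; multicast and routed
: unicast are already inside it. Nothing else matches, so nothing else is tunneled.
access-list 110 permit gre host 10.1.1.2 host 10.2.1.2
nat (inside) 0 access-list 110
sysopt connection permit-ipsec
crypto ipsec transform-set GRESET esp-3des esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
crypto map VPN 10 match address 110
crypto map VPN 10 set peer 192.0.2.2
crypto map VPN 10 set transform-set GRESET
crypto map VPN interface outside
isakmp enable outside
isakmp key <PRESHARED-KEY> address 192.0.2.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

The remote site mirrors this with source and destination swapped in the tunnel and in access-list 110. Because the crypto ACL matches only GRE between the two router addresses, any packet that leaves a site outside the tunnel is not encrypted, so routing should be checked to confirm site-to-site prefixes point at Tunnel0.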