Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13108
Views
0
Helpful
3
Replies

Multicast over IPSec VPN (help!)

bigeric
Level 1
Level 1

‎07-26-2005 10:25 PM - edited ‎02-21-2020 01:53 PM

Dear Sir,

May I know if I can pass multicast traffic over vpn tunnel(IPSec). I have two sites, each with one 1841. The two sites are connected via IPSec VPN. However, the multicast traffic couldn't pass from site A to site B. please help. (any configuration example??)

If Multicast can not pass through IPSec VPN, how about GRE tunnel ?

thx

Eric

Labels:
0 Helpful
3 Replies 3

michael.kopp
Level 1
Level 1

‎07-26-2005 11:22 PM

Hi Eric,

no, IPSec (standard IPSec as per RFC) does not allow to transmit Multicast and Broadcast traffic via a IPSec VPN.

You have more or less following possibilities :

-wait for IKEv2/ESPv3 then Multicast/Broadcast traffic is an allowed option

- configure a GRE tunnel and encrypt this GRE tunnel via IPSec. Inside the GRE tunnel you almost can transfer anything.

- Try the new IPSec VTI (Virtual Tunnel Interface), never tried it on my own, but from the paper it supports Broadcast/Multicast traffic

Hope this helps

Regards

Michael

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to michael.kopp

‎07-27-2005 08:26 AM

I think Michael is right on target here. IPSec is for unicast traffic and traditional implementation of IPSec will not transport multicast.

There is a new feature of IPSec Virtual Tunnel Interface. I have not yet used this but the documentation is quite encouraging about its ability to transport multicast traffic.

I do have experience with using GRE with IPSec. I have implemented lots of IPSec tunnels that need to carry multicast. I have used the combination of IPSec with GRE to do this and it works very well.

HTH

Rick

HTH

Rick
0 Helpful

jimmy-dotson
Level 1
Level 1
In response to Richard Burts

‎08-04-2005 12:52 PM

Rick and Michael are both correct. GRE is the way to go if you wish to do things like this and dynamic routing over the tunnel.

However, we have tried unsuccessfully to get Multicast to work over static GRE tunnels. EIGRP (which uses MCast) works just fine, as does OSPF. But, PIM sparse will not work properly in our environment. We're using 7200s with 12.3(9d) and 831s with 12.3T, 12.3experiemental, 12.2, etc. Tried lots of things like static MRoutes (as per the support pages), various levels of code, debugs, diagrams and debugs to TAC, Still no joy :(

Jimmy

0 Helpful
Customers Also Viewed These Support Documents