Multicast over IPSec Tunnels?

We have an IPSec tunnel required for a client to pass certain types of traffic, but multicast must also be passed.

I stumbled across this from Cisco:

CSCdu87170 o IP multicast traffic cannot be sent over a Generic Routing Encapsulation (GRE) tunnel if IP Security (IPSec) is configured on the tunnel. Other routing protocols may continue to work normally. o Workaround: Remove IP Security (IPSec) configuration from the tunnel or send IP multicast traffic over a different unencrypted tunnel.

I want to confirm is this is the case? If so, is there a way that this can be done? And if not, would the most logical option be to just make a straight GRE tunnel without IPSec and how does one configure Multicast dense-mode over a tunnel.

I believe you just enable "ip multicast-routing" and "ip pim dense- mode" on each relevent interface correct?

I appreciate any thoughts, thanks!

Reply to
Whatever I Fear
Loading thread data ...

"Where" you stumbled across it is relevant.

When I did a search for CSCdu87170, I found it first in a section titled "Resolved Caveats?Cisco IOS Release 12.1(12)"

Resolved, as in "fixed".

formatting link
Your platform (not stated), and the IOS release (not stated) you are using are determining factors in whether a workaround is needed.

Best Regards, News Reader

Reply to
News Reader

I see, thank you for pointing that out, I did not notice the 'resolved', I appreciate it

Reply to
Whatever I Fear

The particular document I referred too, stated it was resolved (Cisco IOS Release 12.1(12)).

You need to determine whether your installed IOS release pre-dates the fix, or not.

Best Regards, News Reader

Reply to
News Reader

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.