Multicasting over VPN

I understand that IPSEC does not support the transport of multicast packets. The usual Cisco solution is to use a GRE tunnel and then IPSEC encrypt that. I don't know if that is supported on the ASA (I suspect it is not) but it is supported on Cisco Routers.

The IPSEC can be carried out on the Routers instead, possibly eliminating the need for the PIX.

I am pretty sure that there is a router only example on CCO however I can't locate it right now.

Thanks, I am familiar with GRE tunnels but this would be a dialup VPN not a hardware to hardware VPN. Sorry that I failed to specify that in my original posting. I think I'm going to have to play with this in the lab sometime.

Nick

snipped-for-privacy@hotmail.co.uk wrote:

sounds like you need the equivilent of 'mrouted'

$ man mrouted [...] DESCRIPTION Mrouted is an implementation of the Distance-Vector Multicast Routing Protocol (DVMRP), an earlier version of which is specified in RFC-1075. It maintains topological knowledge via a distance-vector routing protocol (like RIP, described in RFC-1058), upon which it implements a multicast datagram forwarding algorithm called Reverse Path Multicasting. [...] In order to support multicasting among subnets that are separated by (unicast) routers that do not support IP multicasting, mrouted includes support for "tunnels", which are virtual point-to-point links between pairs of mrouteds located anywhere in an internet. IP multicast packets are encapsulated for transmission through tunnels, so that they look like normal unicast datagrams to intervening routers and subnets. The encapsulation is added on entry to a tunnel, and stripped off on exit from a tunnel. The packets are encapsulated using the IP-in-IP protocol (IP protocol number 4).