08-28-2008 03:41 AM - edited 03-09-2019 09:21 PM
I have a wan connection that is encrypted to another building in our campus. The VoIP traffic flows just fine. When we send an Informacast message, the audio does not go through the tunnel. In a test environment, audio goes through when the tunnel is not encrypted. I have tried to send multicast info through the tunnel and still no audio. Any help would be greatly appreciated.
Thanks,
Alex
08-28-2008 05:18 AM
Alex,
You cannot encrypt multicast traffic in a IPSEC tunnel. You need to encapsulation the multicast into a unicast tunnel - preferably GRE.
HTH>
08-28-2008 06:00 AM
Is it possible to bypass the ipsec tunnel for this particular traffic without the GRE tunnel?
08-28-2008 06:05 AM
Of course - if you have another way to connect to the other site, like a point-to-point, MLPS, Frame-relay, layer 2 tunneled circuit, some kind of LAN circuit?
04-14-2009 03:40 AM
I am working on Informacast again. If I setup a regular connection with no ecryption to two 2611 XM's, I get the audio stream. When I put the ipsec tunnel into the mix, I only get the text message from Informacast. I have seen many posts that say the gre tunnel will work. Should I set it up like this?
interface tunnel 0
tunnel source x.x.130.1
tunnel destination x.x.130.2
interface fa0/0
no shut
ip add x.x.130.1 255.255.255.252
crypto map xxxmap
If I set this up like this, to get the multicast working over the GRE tunnel, What should my crypto map access-list include? Just access-list xxx permit ip any any? How about my static routes. Do I have to have static mroutes? Should I send the traffic to the next hop router or to the tunnel interface? Any help would be greatly appreciated.
thanks,
alex pfeil
04-14-2009 03:48 AM
Alex,
I would suggest that you use loopback interfaces for the source and destination of the tunnels - that way your crypto map will only have 2 host IP addresses in it, makes it simple for troubleshooting.
For the multicasting, I would advise the use of auto RP listener and sparse-mode in the tunnels and on the LAN interfaces.
HTH>
04-15-2009 03:56 AM
I just wanted to post some troubleshooting tips for multicasting using gre over ipsec.
* Make sure that all your devices see there PIM neighbors.
* Make sure that you route all your traffic through the tunnel.
i.e.
ip route 0.0.0.0 0.0.0.0 tunnel0
ip mroute 0.0.0.0 0.0.0.0 tunnel0
the static mroute is needed.
thanks,
alex pfeil
04-15-2009 04:07 AM
You don't need to have a default route over the tunnel - unless you need to.
You don't need a mroute statement - if you have enabled multicast routing enabled on both devices, on the LAN and tunnel interfaces.
Post your current config's for review.
04-15-2009 04:09 AM
I will test that out.
thanks,
alex pfeil
04-15-2009 04:49 AM
I did not need to use the static mroutes. that is correct. I do not have ip pim sparse-mode command on the outside interface. I have it only on the tunnel. Everything works with and without the static mroute command.
04-15-2009 05:01 AM
np - glad to help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide