Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
2
Replies

VPN3K FEATURE REQUEST: IPSec encapsulation of Multicast packet

Go to solution
engel
Level 2
Level 2

‎03-18-2003 05:02 AM - edited ‎02-21-2020 12:25 PM

Dear All,

Just downloaded the Internet draft of "IP Multicast issues with IPSec" authored by two Cisco engineers. Seems like there is a progress to encapsulate multicast packet within IPSec. Since the draft is written by Cisco engineers, do the VPN3K`s developers consider to implement this feature on the next firmware release ? FYI , Netscreen devices are able to encapsulate OSPF packets within the IPSec tunnel. I am wondering when the Cisco VPN3K will have this capability too.

Regards,

Engel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
afakhan
Level 4
Level 4

‎03-18-2003 05:57 PM

Hi,

Its planned for vpn3000 concentrator but no committed dates as of yet, a router can be used to encapsulate multicast traffic inside GRE, and vpn3k can encrypt GRE traffic just fine.

Thanks,

Afaq

View solution in original post

0 Helpful
2 Replies 2

Go to solution
afakhan
Level 4
Level 4

‎03-18-2003 05:57 PM

Hi,

Its planned for vpn3000 concentrator but no committed dates as of yet, a router can be used to encapsulate multicast traffic inside GRE, and vpn3k can encrypt GRE traffic just fine.

Thanks,

Afaq

0 Helpful

Go to solution
engel
Level 2
Level 2
In response to afakhan

‎03-18-2003 06:40 PM

Hi,

Thanks for the information! I am aware about the solution to use GRE to encapsulate the OSPF and then encrypted it with IPSec. This has been discussed a lot on this forum and we have implemented it to some of our customers.

But the disadvantage of this solution is one has to put two routers behind the VPN3K to termincate the GRE tunnel, because VPN3K doesn`t have the capability to speak GRE. With NetScreen solution, it is very easy to do dynamic routing (with multicast speaking routing protocol such EIGRP, OSPF). And this is my main concern, because we are having difficulties to provide VPN3K solution to the customer, when the competitor comes with NetScreen solution to do encrypted dynamic routing through the Internet.

Regards,

Engel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents