I have a WAN connection that is encrypted to another building in our campus. The VoIP traffic flows just fine. When we send an Informacast message, the audio does not go through the tunnel. In a test environment, audio goes through when the tunnel is not encrypted. I have tried to send multicast info through the tunnel and still no audio. Any help would be greatly appreciated.
You cannot encrypt multicast traffic in an IPsec tunnel. You need to encapsulate the multicast into a unicast tunnel - preferably GRE.
Of course - if you have another way to connect to the other site, like a point-to-point, MPLS, Frame-relay, layer 2 tunneled circuit, some kind of LAN circuit?
I am working on Informacast again. If I set up a regular connection with no encryption to two 2611 XM's, I get the audio stream. When I put the ipsec tunnel into the mix, I only get the text message from Informacast. I have seen many posts that say the gre tunnel will work. Should I set it up like this?
interface tunnel 0
tunnel source x.x.130.1
tunnel destination x.x.130.2
ip add x.x.130.1 255.255.255.252
crypto map xxxmap
If I set this up like this, to get the multicast working over the GRE tunnel, what should my crypto map access-list include? Just access-list xxx permit ip any any? How about my static routes? Do I have to have static mroutes? Should I send the traffic to the next hop router or to the tunnel interface? Any help would be greatly appreciated.
I would suggest that you use loopback interfaces for the source and destination of the tunnels - that way your crypto map will only have 2 host IP addresses in it, makes it simple for troubleshooting.
For the multicasting, I would advise the use of auto RP listener and sparse-mode in the tunnels and on the LAN interfaces.
I just wanted to post some troubleshooting tips for multicasting using gre over ipsec.
* Make sure that all your devices see their PIM neighbors.
* Make sure that you route all your traffic through the tunnel.
ip route 0.0.0.0 0.0.0.0 tunnel0
ip mroute 0.0.0.0 0.0.0.0 tunnel0
The static mroute is needed.
You don't need to have a default route over the tunnel - unless you need to.
You don't need a mroute statement - if you have multicast routing enabled on both devices, on the LAN and tunnel interfaces.
Post your current configs for review.
I did not need to use the static mroutes. That is correct. I do not have ip pim sparse-mode command on the outside interface. I have it only on the tunnel. Everything works with and without the static mroute command.