Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

emergency Informacast through Encrypted Tunnel

I have a wan connection that is encrypted to another building in our campus. The VoIP traffic flows just fine. When we send an Informacast message, the audio does not go through the tunnel. In a test environment, audio goes through when the tunnel is not encrypted. I have tried to send multicast info through the tunnel and still no audio. Any help would be greatly appreciated.

Thanks,

Alex

10 REPLIES

Re: emergency Informacast through Encrypted Tunnel

Alex,

You cannot encrypt multicast traffic in a IPSEC tunnel. You need to encapsulation the multicast into a unicast tunnel - preferably GRE.

HTH>

Community Member

Re: emergency Informacast through Encrypted Tunnel

Is it possible to bypass the ipsec tunnel for this particular traffic without the GRE tunnel?

Re: emergency Informacast through Encrypted Tunnel

Of course - if you have another way to connect to the other site, like a point-to-point, MLPS, Frame-relay, layer 2 tunneled circuit, some kind of LAN circuit?

Community Member

Re: emergency Informacast through Encrypted Tunnel

I am working on Informacast again. If I setup a regular connection with no ecryption to two 2611 XM's, I get the audio stream. When I put the ipsec tunnel into the mix, I only get the text message from Informacast. I have seen many posts that say the gre tunnel will work. Should I set it up like this?

interface tunnel 0

tunnel source x.x.130.1

tunnel destination x.x.130.2

interface fa0/0

no shut

ip add x.x.130.1 255.255.255.252

crypto map xxxmap

If I set this up like this, to get the multicast working over the GRE tunnel, What should my crypto map access-list include? Just access-list xxx permit ip any any? How about my static routes. Do I have to have static mroutes? Should I send the traffic to the next hop router or to the tunnel interface? Any help would be greatly appreciated.

thanks,

alex pfeil

Re: emergency Informacast through Encrypted Tunnel

Alex,

I would suggest that you use loopback interfaces for the source and destination of the tunnels - that way your crypto map will only have 2 host IP addresses in it, makes it simple for troubleshooting.

For the multicasting, I would advise the use of auto RP listener and sparse-mode in the tunnels and on the LAN interfaces.

HTH>

Community Member

Re: emergency Informacast through Encrypted Tunnel

I just wanted to post some troubleshooting tips for multicasting using gre over ipsec.

* Make sure that all your devices see there PIM neighbors.

* Make sure that you route all your traffic through the tunnel.

i.e.

ip route 0.0.0.0 0.0.0.0 tunnel0

ip mroute 0.0.0.0 0.0.0.0 tunnel0

the static mroute is needed.

thanks,

alex pfeil

Re: emergency Informacast through Encrypted Tunnel

You don't need to have a default route over the tunnel - unless you need to.

You don't need a mroute statement - if you have enabled multicast routing enabled on both devices, on the LAN and tunnel interfaces.

Post your current config's for review.

Community Member

Re: emergency Informacast through Encrypted Tunnel

I will test that out.

thanks,

alex pfeil

Community Member

Re: emergency Informacast through Encrypted Tunnel

I did not need to use the static mroutes. that is correct. I do not have ip pim sparse-mode command on the outside interface. I have it only on the tunnel. Everything works with and without the static mroute command.

Re: emergency Informacast through Encrypted Tunnel

np - glad to help.

364
Views
10
Helpful
10
Replies
CreatePlease to create content