
emergency Informacast through Encrypted Tunnel

Alex Pfeil
Level 7

I have a WAN connection that is encrypted to another building on our campus. The VoIP traffic flows just fine. When we send an Informacast message, the audio does not go through the tunnel. In a test environment, audio goes through when the tunnel is not encrypted. I have tried to send multicast info through the tunnel and still no audio. Any help would be greatly appreciated.

Thanks,

Alex

10 Replies

andrew.prince
Level 10

Alex,

You cannot encrypt multicast traffic in an IPsec tunnel. You need to encapsulate the multicast into a unicast tunnel - preferably GRE.

HTH

Is it possible to bypass the ipsec tunnel for this particular traffic without the GRE tunnel?

Of course - if you have another way to connect to the other site, like a point-to-point, MPLS, Frame-relay, layer 2 tunneled circuit, some kind of LAN circuit?

I am working on Informacast again. If I set up a regular connection with no encryption to two 2611 XMs, I get the audio stream. When I put the IPsec tunnel into the mix, I only get the text message from Informacast. I have seen many posts that say the GRE tunnel will work. Should I set it up like this?

    interface tunnel 0
     tunnel source x.x.130.1
     tunnel destination x.x.130.2
    interface fa0/0
     no shut
     ip add x.x.130.1 255.255.255.252
     crypto map xxxmap

If I set this up like this, to get the multicast working over the GRE tunnel, what should my crypto map access-list include? Just access-list xxx permit ip any any? How about my static routes? Do I have to have static mroutes? Should I send the traffic to the next hop router or to the tunnel interface? Any help would be greatly appreciated.

thanks,

alex pfeil

Alex,

I would suggest that you use loopback interfaces for the source and destination of the tunnels - that way your crypto map will only have 2 host IP addresses in it, makes it simple for troubleshooting.

For the multicasting, I would advise the use of auto RP listener and sparse-mode in the tunnels and on the LAN interfaces.

HTH

I just wanted to post some troubleshooting tips for multicasting using GRE over IPsec.

* Make sure that all your devices see their PIM neighbors.

* Make sure that you route all your traffic through the tunnel, i.e.

    ip route 0.0.0.0 0.0.0.0 tunnel0
    ip mroute 0.0.0.0 0.0.0.0 tunnel0

The static mroute is needed.

thanks,

alex pfeil

You don't need to have a default route over the tunnel - unless you need to.

You don't need an mroute statement - if you have multicast routing enabled on both devices, on the LAN and tunnel interfaces.

Post your current configs for review.

I will test that out.

thanks,

alex pfeil

I did not need to use the static mroutes. That is correct. I do not have the ip pim sparse-mode command on the outside interface. I have it only on the tunnel. Everything works with and without the static mroute command.

np - glad to help.
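
The setup the replies converge on (loopback-sourced GRE tunnel, a crypto ACL holding only the two tunnel endpoints, PIM sparse-mode with the Auto-RP listener), written out for one router as an added example; it is not a config posted by anyone in the thread. The addresses, ACL number 110, transform-set name GRE-TS, algorithm choices and key placeholder are assumptions, and only the crypto map name xxxmap comes from the thread.

```cisco
! Added example for router A; router B mirrors it. All addresses, the ACL
! number, GRE-TS and the key placeholder are constructed assumptions.
ip multicast-routing
! An RP is assumed to be announced via Auto-RP elsewhere in the network.
ip pim autorp listener
!
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
! Crypto ACL: only GRE between the two loopbacks, not "permit ip any any".
! Multicast is already wrapped in unicast GRE when it reaches this ACL.
access-list 110 permit gre host 10.255.0.1 host 10.255.0.2
!
crypto map xxxmap 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set GRE-TS
 match address 110
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ip pim sparse-mode
 tunnel source Loopback0
 tunnel destination 10.255.0.2
!
interface FastEthernet0/0
 description WAN toward the other building
 ip address 192.0.2.1 255.255.255.252
 crypto map xxxmap
!
interface FastEthernet0/1
 description LAN with the multicast receivers
 ip address 10.1.1.1 255.255.255.0
 ip pim sparse-mode
!
! Tunnel endpoint must stay reachable outside the tunnel (no recursion).
ip route 10.255.0.2 255.255.255.255 192.0.2.2
! Remote LAN via the tunnel, so unicast routing and multicast RPF agree.
ip route 10.2.2.0 255.255.255.0 Tunnel0
!
! Verify: show ip pim neighbor / show ip mroute / show crypto ipsec sa
```

If `show crypto ipsec sa` shows encapsulated packets increasing only for unicast tests, check that the PIM neighbor is seen on Tunnel0 before looking at the crypto side.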