Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mulicast over VPN issue

What would be the best design if you want to send multicast traffic over Internet using a LAN-to-LAN VPN with PIX Firewalls ?

Use GRE Tunnels on a router before the PIX ? But what would you do with unicast traffic then ? Send that via the GRE tunnel and maybe turn on eg EIGRP to lessen the number of statics routes required ?

All inputs are welcomed.




Re: Mulicast over VPN issue

You first might want to try and generate the multicast packets outside the firewall. What multicast application are you running? If it's absolutely necessary to go through the firewall, you'll most likely have to go through a GRE.

New Member

Re: Mulicast over VPN issue

Nils -

Neither the PIX nor IPSEC currently supports multicast. This means you've got to tunnel

it in something. GRE is an answer here. Your

crypto map access-lists would be configured

to encrypt GRE from your GRE router as well as

any unicast traffic you wanted to ship accross

the crypto tunnel as well.

What this means, of course, is that you've got

to have a router on eiter end of your VPN to be

the GRE tunnel endpoints.

Hope this helps


New Member

Re: Mulicast over VPN issue

I have recently finished building a vpn network for

a customer - a central office and 4 branch office

locations. The central site has an IOS-router behind

a PIX FW. The central IOS-router terminates GRE-tunnels to the remote IOS-routers. IPSEC-tunnels encapsulating the GRE-tunnels between remote IOS-routers and PIX FW. This configuration gives my customer the possiblity to run multicast traffic.

CreatePlease login to create content