Cisco Support Community
Community Member

Multicast traffic and IPSec

can someone please explain why exactly multicast traffic cannot be handled by IPSec


Re: Multicast traffic and IPSec

don't know but if you want to use it then run GRE tunnels inside your IPsec.

Community Member

Re: Multicast traffic and IPSec

Multicast IP packets are just plain IP packets to special addresses. Devices and software prepared for multicast do know how to handle such packets, ie. receive them and/or forward them to one or more or even all of the attached networks.

An IPSec connection is defined to have one or more networks on the local and one or more networks on the remote side (and vice versa). That a packet must be spread to several interfaces was just not part of the spec.

Funny thing is, that a VPN Client connected with no split tunneling can even send out multicast packets and that these packets even reach their destination through the IPSec tunnel. Just the other direction doesnt work.

CreatePlease to create content