security association is uniquely identified by a triple consisting of a Security Parameter Index (SPI), an IP Destination Address, and a security protocol (AH or ESP) identifier. In principle, the Destination Address may be a unicast address, an IP broadcast address, or a multicast group address. However, IPsec SA management mechanisms currently are defined only for unicast SAs.
The receiver-orientation of the Security Association implies that, in the case of unicast traffic, the destination system will normally select the SPI value. By having the destination select the SPI value, there is no potential for manually configured Security Associations to conflict with automatically configured (e.g., via a key management protocol) Security Associations or for Security Associations from multiple sources to conflict with each other. For multicast traffic, there are multiple destination systems per multicast group. So some system or person will need to coordinate among all multicast groups to select an SPI or SPIs on behalf of each multicast group and then communicate the group's IPsec information to all of the legitimate members of that multicast group via mechanisms not defined
Hi, in short, IPsec doesn't support protecting multicast or broadcast traffic.
In remote access VPN, the only solution for providing multicast protection in IPsec is using an L2TP tunnel, wherein the multicast traffic is encapsulated in PPP and then the PPP frames are encrypted using IPsec.
The Cisco VPN client doesn't support L2TP; you will need to use the Windows L2TP client.
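
The SA lookup described in the quoted RFC text, as an added Python example that is not part of the original posts or of the RFC: a receiver's inbound SA table keyed by the (SPI, destination address, protocol) triple, where the receiver allocates SPIs itself so automatically keyed SAs cannot collide with manually installed ones. The class and function names are hypothetical, and the addresses and packet bytes are constructed samples.

```python
import ipaddress
import secrets
import struct

PROTO_ESP, PROTO_AH = 50, 51  # IP protocol numbers for ESP and AH


class InboundSAD:
    """Hypothetical inbound SA table for one receiver, keyed by the triple."""

    def __init__(self):
        self._sas = {}

    def install(self, spi, dst, proto, label):
        """Install an SA whose SPI is already chosen (e.g. manual keying)."""
        key = (spi, ipaddress.ip_address(dst), proto)
        if key in self._sas:
            raise ValueError("SA triple already in use: %r" % (key,))
        self._sas[key] = label

    def allocate(self, dst, proto, label):
        """Receiver picks an unused SPI itself; values 0-255 are reserved."""
        while True:
            spi = secrets.randbelow(2**32 - 256) + 256
            try:
                self.install(spi, dst, proto, label)
                return spi
            except ValueError:
                continue  # clash with an existing SA, draw again

    def lookup(self, dst, proto, payload):
        """Map an inbound packet to its SA, or None if no SA matches."""
        offsets = {PROTO_ESP: 0, PROTO_AH: 4}  # SPI offset in each header
        off = offsets.get(proto)
        if off is None or len(payload) < off + 4:
            return None
        (spi,) = struct.unpack_from("!I", payload, off)
        return self._sas.get((spi, ipaddress.ip_address(dst), proto))


def demo():
    """Constructed sample: one SPI value reused across protocol and address."""
    sad = InboundSAD()
    sad.install(0x1000, "192.0.2.1", PROTO_ESP, "manual-esp")
    sad.install(0x1000, "192.0.2.1", PROTO_AH, "manual-ah")
    auto = sad.allocate("192.0.2.1", PROTO_ESP, "ike-esp")
    esp = struct.pack("!II", 0x1000, 1)                    # SPI, sequence number
    ah = bytes([4, 4, 0, 0]) + struct.pack("!II", 0x1000, 1)
    return (sad.lookup("192.0.2.1", PROTO_ESP, esp),
            sad.lookup("192.0.2.1", PROTO_AH, ah), auto != 0x1000)
```

A multicast group has no single receiver to run `allocate`, which is the coordination gap the quoted passage describes.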
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...