Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multicast GRE tunnel Over IPSEC

I'm beating my head on the desk over this. Never tried to do it over L2L VPN, but have done it successfully over MPLS VPN's.

What I am trying to do is create a GRE tunnel between a remote site, and the corporate network to allow multicast traffic to traverse. Currently, this office is connecting to the network via a L2L tunnel terminating at an ASA. The GRE tunnel interfaces are located on the remote router and the core router at the primary datacenter. The toplogy looks like this...

Remote Router -------> ASA -------> Core -----> Broadcast Device

The tunnel interfaces show up/up, and I can see traffic passing through. Mroutes are in place and both are part of 239.0.1.2 and 239.1.1.2. On the core, I can see all the other Mcast networks with routes, on the remote, it only shows itself.

I've tried a few different configurations for the tunnel interface. I've bound the source to a Loopback address on the remote and core sides, the sub-interface on the remote, the SVI on the core, the outside interface of the remote... Nothing seems to be working. When I ping the MCast broadcast IP, there are no routes.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Remote Configuration:

interface Loopback0

ip address 192.168.10.254 255.255.255.255

ip pim sparse-mode

no ip mfib cef input

no ip mfib cef output

ip igmp join-group 239.1.1.2

ip igmp join-group 239.0.1.2

interface Tunnel2

ip unnumbered Loopback0

ip pim dr-priority 0

ip pim sparse-mode

tunnel source Loopback0

tunnel destination 192.168.254.254

ip pim rp-address 192.168.2.1

ip mroute 192.168.2.0 255.255.255.0 Tunnel2

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Core Configuration

interface Loopback1

ip address 192.168.254.254 255.255.255.255

interface Tunnel9

ip unnumbered Loopback1

ip pim dr-priority 255

ip pim sparse-mode

tunnel source Loopback1

tunnel destination  192.168.10.254

ip mroute 192.168.8.128 255.255.255.128 Tunnel2 (192.168.8.128 is the subnet at the remote site where Mcast traffic will be distributed)

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Any ideas?

  • WAN Routing and Switching
Everyone's tags (3)
1 REPLY
New Member

Re: Multicast GRE tunnel Over IPSEC

Hi,

GRE Tunnels are a bit odd, an up/up interface doesn't mean that the tunnel has established end-to-end, it just means that the local tunnel has a valid source interface and the router can successfully recurse to the destination IP address.

To test the tunnel, are you able to configure a /30 IP address on the tunnel interfaces and ping between them? Also has a pim neighborship established between the tunnel interfaces?

What is the IP address of the device sending the multicast stream?

You also dont need the mroute on the core as the outgoing interface to the receiver will be determined by the incoming pim join messages over the tunnel interface from the remote router.

701
Views
0
Helpful
1
Replies