Using multicast with site-to-site VPN

mathieu.lallemand · ‎11-16-2017

Hello,

I've configured a site-to-site VPN using 2 Cisco routers RV215W.

But I'm facing an issue concerning multicast exchanges : Multicast packet aren't routed to the other sub-network.

I suppose that RV215W routers aren't supporting multicast routing but I have found nothing in its documentation.

Can you confirm that these routers don't support multicast exchange ?

If yes, which router could manage a site-to-site VPN with multicast exchanges ?

I only need to have an answer in a multicast packet. Can I keep a RV215W router on the sub-network which receives the muticast packet ?

Regards,

Mathieu L.

Richard Burts · ‎11-17-2017

It would help if we knew more about how the site to site vpn is configured. Especially whether it is a normal IPsec VPN or if it is configured with a tunnel (GRE or VTI) and encrypting traffic in the tunnel. I am assuming that this is a normal IPsec VPN. And that is the source of your issue. It is not a limitation of this model of router but is a limitation of IPsec which specifies that it processes unicast but not multicast IP packets. VPNs based on tunnel interfaces (GRE and VTI) can transport multicast but standard IPsec VPN does not.

HTH

Rick

HTH

Rick

mathieu.lallemand · ‎03-15-2018

Hi

Thanks for your help and sorry for this late answer, I was not available these days for this topic.

I have checked my configuration which seems to be a normal IPSec VPN as you guessed.

I have found nothing in Router configuration about GRE or VTI tunnel interfaces.

I join to this message my configuration. Can you help to find how to configure a VTI interface ?

Thanks

Mathieu

Richard Burts · ‎03-15-2018

I have looked through the config that you posted. And since I am not familiar with the RV215 I have looked through the documentation. I believe that the answer is that the RV215 supports only the traditional IPsec site to site VPN and does not support either the GRE or the VTI options. If you need to send multicast over the VPN then I believe that you will need a different router. I believe that one of the 800 series of IOS router should provide the capability that you require. You should be able to use your RV215 connected to the IOS router if you want to do this.

HTH

Rick

HTH

Rick

mathieu.lallemand · ‎03-15-2018

OK, thanks.

If I understand well, I can buy only one 8xx router with multicast capabilities and make a VPN between this new one and my RV215 router. Is that right ?

If yes, I suppose that 8xx router should be on the side where multicast exchange is emitted.

About router choice, 8xx series are a bit expensive for my purpose. I've seen that the RV340 is capable of GRE over IPsec. Could it be sufficient ?

Mathieu

Richard Burts · ‎03-15-2018

Mathieu

I am not clear what device is the peer for the VPN and so do not know if buying a single router is sufficient. You certainly need a new router on the end where your RV215 is and might need a new router on the other end as well. The thing is that the routers on both ends of the VPN must support GRE or VTI.

I am not as familiar with the RV340 and am not able to say for sure if it is sufficient. If it does support GRE with IPsec then it should be sufficient.

HTH

Rick

HTH

Rick