RE: Multicasting over IPSec in 3620

From: Scott Morris (swm@emanon.com)
Date: Mon Feb 12 2007 - 09:24:21 ART

• Next message: Thomas Fowles: "Re: Problem with NAT-PT Static"
• Previous message: ManojCCIE: "Test Message - IGNORE"
• Maybe in reply to: Nouman, Khan: "Multicasting over IPSec in 3620"
• Next in thread: Loc Pham: "Re: Multicasting over IPSec in 3620"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Actually, there's been a draft standard for a while about doing secure
multicast without using GRE tunnels.

http://www.securemulticast.org/draft-ietf-msec-ipsec-multicast-issues-00.txt

There are some enhancements that Cisco does work with allowing for "group"
based keys and implementing Secure multicast sessions.

http://www.cisco.com/en/US/products/ps6635/products_white_paper0900aecd80471
91e.shtml
http://www.cisco.com/en/US/partner/products/ps6441/products_feature_guide091
86a008061864e.html

However, those are only in newer IOS versions AFAIK and I don't believe the
3620 will be able to support those.

At this point, there isn't a formal RFC that I've run across, but the draft
doesn't expire until April, so we may see something yet.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sergey Golovanov
Sent: Monday, February 12, 2007 2:04 AM
To: Nouman, Khan; ccielab@groupstudy.com
Subject: Re: Multicasting over IPSec in 3620

They forgot to include Multicast into IPSEC RFC :) So, no, you can't send
multicast over IPSEC. You'd have to do GRE tunnel inside IPSEC

--------------------------------------------------------------------
Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
"Please, don't ask me for my ccie #, there are reasons why I can't release
it"
ieMentor Instructor and Content Developer sergey.golovanov@iementor.com
http://www.iementor.com

> -------Original Message-------
> From: Nouman, Khan <nouman.khan@mis.com.sa>
> Subject: Multicasting over IPSec in 3620
> Sent: Feb 12 '07 01:28
>
> Hi,
>
>
>
> I need to confirm if ipsec supports multicasting? can i multicast
> over ipsec vpn between a router and a vpn client?
>
> I have Cisco 3620 router with remote access users using vpn client?
>
>
>
> Can somebody provide me a useful link ?
>
>
>
> Regards,
>
>
>
> Nouman
>
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Thomas Fowles: "Re: Problem with NAT-PT Static"
• Previous message: ManojCCIE: "Test Message - IGNORE"
• Maybe in reply to: Nouman, Khan: "Multicasting over IPSec in 3620"
• Next in thread: Loc Pham: "Re: Multicasting over IPSec in 3620"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART