Re: Multicasting over IPSec in 3620

From: Scott Ralph (scottralph@gmail.com)
Date: Thu Jul 17 2008 - 19:35:35 ART


Hi

So basically - IPsec can't forward multicast traffic; I need a GRE tunnel or
a VTI tunnel to perform this? I have a Cisco router that has an IPsec tunnel
- it will recognize IGMP memberships but will not forward the traffic?

Scott

On 2/12/07, Scott Morris <swm@emanon.com> wrote:
>
> Actually, there's been a draft standard for a while about doing secure
> multicast without using GRE tunnels.
>
>
> http://www.securemulticast.org/draft-ietf-msec-ipsec-multicast-issues-00.txt
>
> There are some enhancements that Cisco does work with allowing for "group"
> based keys and implementing Secure multicast sessions.
>
>
> http://www.cisco.com/en/US/products/ps6635/products_white_paper0900aecd8047191e.shtml
>
> http://www.cisco.com/en/US/partner/products/ps6441/products_feature_guide09186a008061864e.html
>
> However, those are only in newer IOS versions AFAIK and I don't believe the
> 3620 will be able to support those.
>
> At this point, there isn't a formal RFC that I've run across, but the draft
> doesn't expire until April, so we may see something yet.
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
> #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> IPexpert VP - Curriculum Development
> IPexpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Sergey Golovanov
> Sent: Monday, February 12, 2007 2:04 AM
> To: Nouman, Khan; ccielab@groupstudy.com
> Subject: Re: Multicasting over IPSec in 3620
>
> They forgot to include Multicast into IPSEC RFC :) So, no, you can't send
> multicast over IPSEC. You'd have to do GRE tunnel inside IPSEC
>
> --------------------------------------------------------------------
> Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> "Please, don't ask me for my ccie #, there are reasons why I can't release
> it"
> ieMentor Instructor and Content Developer sergey.golovanov@iementor.com
> http://www.iementor.com
>
>
> > -------Original Message-------
> > From: Nouman, Khan <nouman.khan@mis.com.sa>
> > Subject: Multicasting over IPSec in 3620
> > Sent: Feb 12 '07 01:28
> >
> > Hi,
> >
> >
> >
> > I need to confirm if IPsec supports multicasting? Can I multicast
> > over IPsec VPN between a router and a VPN client?
> >
> > I have Cisco 3620 router with remote access users using vpn client?
> >
> >
> >
> > Can somebody provide me a useful link ?
> >
> >
> >
> > Regards,
> >
> >
> >
> > Nouman
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>

-- 
Scott Ralph
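
The GRE-inside-IPsec arrangement suggested in the quoted reply, as an added example that is not part of the original thread or any poster's configuration: one side of a router-to-router tunnel in Cisco IOS syntax. All addresses, interface names, the ACL, crypto map and transform-set names, and the pre-shared key are constructed placeholders; the peer needs the mirror-image configuration.

```cisco
! Constructed example: every address, name and key below is a placeholder.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 198.51.100.2
!
! Transport mode is sufficient because the IPsec peers are the GRE endpoints.
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets between the two tunnel endpoints.
! Multicast is carried inside GRE, so IPsec only ever sees unicast GRE.
ip access-list extended GRE-OVER-IPSEC
 permit gre host 192.0.2.1 host 198.51.100.2
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set GRE-TS
 match address GRE-OVER-IPSEC
!
ip multicast-routing
!
! PIM runs on the tunnel, not on the WAN interface.
! The unicast route back to the multicast source must point over Tunnel0
! (or a static mroute must), otherwise the RPF check drops the traffic.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip pim sparse-dense-mode
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
!
interface FastEthernet0/0
 description WAN side (placeholder interface name)
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
interface FastEthernet0/1
 description LAN with multicast receivers (placeholder interface name)
 ip address 10.1.1.1 255.255.255.0
 ip pim sparse-dense-mode
```

To check the result, `show crypto ipsec sa` should show the encaps/decaps counters rising for the GRE selector, and `show ip mroute` should list Tunnel0 as the incoming or outgoing interface for the group.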


This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART