Jimmy, You are right, this is plain IPSec traffic.
Regarding your second question - standard crypto maps are point-to-multipoint concept, that's why they don't know which peer to send the multicast traffic to. SVTI is a point-to-point connection, multicasts will be blindly sent through the tunnel. Regards, Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com On Wed, Mar 17, 2010 at 12:38 PM, Jimmy Larsson <[email protected]> wrote: > Hi > > I´ve read the url but still doesn´t really get it. The configuration looks > exactly like mine except for the addition of "tunnel mode ipsec ipv4". > > As far as I can figure the "tunnel mode ipsec ipv4" changes the tunnel from > running gre into using plain ipsec. Right? I dont have access to my lab at > the moment so I cant verify, but without "tunnel mode ipsec ipv4" the > traffic is GRE with a ipsec-content. When adding "tunnel mode ipsec ipv4" I > change the tunnel into running native ipsec, which should mean that a > sniffer should display ESP transit-traffic. > > Or am I wrong? > > If I am right, what happened to the limitation of ipsec when it comes to > multicast-traffic? > > > Br Jimmy > > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > -- Piotr Kaluzny CCIE #25665 (Security), CCSP, CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
