So, the problem with multicast over ipsec is not actually a limitation of ipsec in itself, but rather a limitation when using crypto maps, because crypto maps are a p2mp concept?
/J

2010/3/17 Piotr Kaluzny <[email protected]>

> Jimmy,
>
> You are right, this is plain IPSec traffic.
>
> Regarding your second question - standard crypto maps are a
> point-to-multipoint concept, that's why they don't know which peer to send
> the multicast traffic to. SVTI is a point-to-point connection, multicasts
> will be blindly sent through the tunnel.
>
> Regards,
>
> Piotr Kaluzny
> CCIE #25665 (Security), CCSP, CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Wed, Mar 17, 2010 at 12:38 PM, Jimmy Larsson <[email protected]> wrote:
>
>> Hi
>>
>> I've read the url but still don't really get it. The configuration looks
>> exactly like mine except for the addition of "tunnel mode ipsec ipv4".
>>
>> As far as I can figure the "tunnel mode ipsec ipv4" changes the tunnel
>> from running gre into using plain ipsec. Right? I don't have access to my lab
>> at the moment so I can't verify, but without "tunnel mode ipsec ipv4" the
>> traffic is GRE with an ipsec-content. When adding "tunnel mode ipsec ipv4" I
>> change the tunnel into running native ipsec, which should mean that a
>> sniffer should display ESP transit-traffic.
>>
>> Or am I wrong?
>>
>> If I am right, what happened to the limitation of ipsec when it comes to
>> multicast-traffic?
>>
>> Br Jimmy

--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
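The contrast discussed in this thread, as an added configuration sketch that is not part of the original messages: variant A is a classic crypto map, variant B an SVTI using "tunnel mode ipsec ipv4". All addresses, names (TS, CMAP, VTI-PROF) and the pre-shared key are constructed placeholders, and the two variants are alternatives, not meant to be applied together.

```cisco
! Constructed lab values: 192.0.2.1 = local, 192.0.2.2 = peer,
! 10.1.1.0/24 and 10.2.2.0/24 = inside networks. Key and names are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PSK address 192.0.2.2
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! --- Variant A: crypto map ---------------------------------------------
! Traffic is selected by ACL 101 and bound to a peer per map entry.
! A multicast destination matches none of these unicast selectors, so
! the router has no entry telling it which peer should receive it.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address 101
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map CMAP
!
! --- Variant B: SVTI ---------------------------------------------------
! The tunnel is a routed point-to-point interface with exactly one peer.
! Whatever is routed out Tunnel0 (unicast or multicast) is encrypted;
! no ACL is involved. On the wire this is ESP in tunnel mode, no GRE.
ip multicast-routing
crypto ipsec profile VTI-PROF
 set transform-set TS
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ip pim sparse-mode
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
! Without "tunnel mode ipsec ipv4" the interface defaults to GRE and the
! same profile then protects GRE-encapsulated packets instead.
```

With variant B, `show crypto ipsec sa` shows local and remote identities of 0.0.0.0/0.0.0.0, which is why multicast packets need no matching selector.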
