Jimmy,

As far as I know that's the answer. Generally speaking, IPsec tunnels were not logical tunnel interfaces for routing purposes until the VTIs were introduced.

Regards,

--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

On Wed, Mar 17, 2010 at 1:09 PM, Jimmy Larsson <[email protected]> wrote:

> So, the problem with multicast over ipsec is not actually a limitation of
> ipsec itself, but rather a limitation when using crypto maps because
> crypto-maps are a p2mp-concept?
>
> /J
>
> 2010/3/17 Piotr Kaluzny <[email protected]>
>
>> Jimmy,
>>
>> You are right, this is plain IPSec traffic.
>>
>> Regarding your second question - standard crypto maps are a
>> point-to-multipoint concept, that's why they don't know which peer to send
>> the multicast traffic to. SVTI is a point-to-point connection, multicasts
>> will be blindly sent through the tunnel.
>>
>> Regards,
>>
>> Piotr Kaluzny
>> CCIE #25665 (Security), CCSP, CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>> On Wed, Mar 17, 2010 at 12:38 PM, Jimmy Larsson <[email protected]> wrote:
>>
>>> Hi
>>>
>>> I've read the url but still don't really get it. The configuration
>>> looks exactly like mine except for the addition of "tunnel mode ipsec ipv4".
>>>
>>> As far as I can figure the "tunnel mode ipsec ipv4" changes the tunnel
>>> from running gre into using plain ipsec. Right? I don't have access to my lab
>>> at the moment so I can't verify, but without "tunnel mode ipsec ipv4" the
>>> traffic is GRE with an ipsec-content. When adding "tunnel mode ipsec ipv4" I
>>> change the tunnel into running native ipsec, which should mean that a
>>> sniffer should display ESP transit-traffic.
>>>
>>> Or am I wrong?
>>>
>>> If I am right, what happened to the limitation of ipsec when it comes to
>>> multicast-traffic?
>>>
>>> Br Jimmy
>>>
>>> --
>>> -------
>>> Jimmy Larsson
>>> Ryavagen 173
>>> s-26030 Vallakra
>>> Sweden
>>> http://blogg.kvistofta.nu
>>> -------
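
The tunnel configuration discussed in this thread, as an added example that is not part of the original messages: a Cisco IOS static VTI where the single line `tunnel mode ipsec ipv4` decides between GRE protected by IPsec and native IPsec. All addresses, names (TS-ESP, VTI-PROF), crypto parameters and the OSPF process are constructed for illustration, and the pre-shared key is a placeholder.

```cisco
! Constructed lab values: 192.0.2.0/24 is a documentation range,
! 10.255.0.0/30 is the tunnel subnet, the key is a placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
crypto ipsec transform-set TS-ESP esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VTI-PROF
 set transform-set TS-ESP
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
 ! Without the next line the interface stays in its default GRE mode
 ! and the profile encrypts the GRE packets (GRE carried inside ESP).
 ! With it the interface is a static VTI: native IPsec tunnel mode,
 ! no GRE header, and the proxy identities become any/any.
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
! A multicast-based routing protocol running over the tunnel. The
! interface is point-to-point, so the router has exactly one peer to
! send 224.0.0.5 hellos to, unlike a crypto map applied to a physical
! interface.
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
!
! Checks to run on the router afterwards:
!  show interfaces Tunnel0  -> "Tunnel protocol/transport IPSEC/IP"
!  show crypto ipsec sa     -> local/remote ident 0.0.0.0/0.0.0.0/0/0
!                              with the VTI; host-to-host with protocol
!                              47 (GRE) when the tunnel mode line is absent
!  show ip ospf neighbor    -> adjacency formed across Tunnel0
```

In both modes a capture on the transit path shows only ESP between 192.0.2.1 and 192.0.2.2; the difference is what sits inside the encrypted payload.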
