PIM and multicast routing on IPSec tunnel

  • Here is the Cisco example config from the remote party:
    ip multicast-routing
    crypto isakmp policy 2
    encr 3des
    hash md5
    authentication pre-share
    crypto isakmp key 123 address
    crypto ipsec transform-set remotevpn esp-3des esp-md5-hmac
    crypto map remotevpn 1 ipsec-isakmp
    set peer
    set transform-set remotevpn
    match address 100
    interface Loopback0
    ip address
    interface Tunnel0
    ip address
    ip pim sparse-mode
    tunnel source
    tunnel destination
    interface fa0/0
    ip address
    ip pim sparse-mode
    duplex auto
    speed auto
    no cdp enable
    interface fa0/1
    ip address 255.255.255.x
    crypto map remotevpn
    ip access-group 199 in
    ip route Tunnel0
    ip route Tunnel0

    ip route
    ip route
    ip classless
    ip pim rp-address
    ip mroute  tunnel0
    ip mroute tunnel0

    access-list 100 permit ip
    access-list 100 permit host host

    access-list 199 permit host host
    access-list 199 permit ip
    access-list 199 permit udp any any eq isakmp
    access-list 199 permit ahp any any
    access-list 199 permit esp any any


    1. How could I create the loopback0 and tunnel0 interfaces?
    2. Does pfSense support PIM and multicast routing?


    I am no longer able to test this one as the project has ended; I ended up using a Cisco router to connect instead of using pfSense.

  • PIM is NOT supported in pfSense. tunnel0 is just a GRE tunnel and pfSense does support that. PIM is supported in FreeBSD so I'm sure it could be implemented by pfSense at a later date if they choose to.

  • PIM would be fine even IGMP Proxy handles only one up-stream … It is a problem in the case of VLANs, where you might have more than one sender of multicast ...
