Here's a standard setup using a VPN as a backup for a leased line:
(More networks) --C3750 -- ASA -- Internet -- ASA -- C3750-- (More networks)
It works fine for unicast traffic with EIGRP, and some static routes that kick in when the line goes out, allowing traffic from any network to any other network.
However, our new network layer software needs to use multicast. What is required to get this to work in the same way?
I've discovered the following:
- The IPsec VPN will not forward multicasts.
- Other solutions involve a GRE tunnel between the routers, which then goes into a tunnel on the VPN. But 3750s and ASAs don't do GRE tunnels.
- I've read about Virtual Tunnel Interfaces (VTI), but then how do you specify that encryption is unnecessary if the leased line is up? Perhaps you don't need to?
- I also don't know what PIM mode to use. I saw that spare-dense is highly recommended, and I'd rather avoid configuring my own RPs if that's possible. But then apparently the ASAs don't do sparse-dense.
What's the recommended solution for this? I figure it is a pretty standard architecture, and perhaps someone has a standard configuration.