Linking via Cisco Routers on Unicast?

[Colt45ws]

Ive desperately tried to get multicast packets to go over my VPN, but I just dont think it will work. Can I do it via Unicast? I want to get two sites going now, but a third just behind the initial two.
I dont have my own public IP. At site 1, Im friends with the site owner and I am going to VPN to his existing public facing UniFi router. Im basically going to make an additional private LAN just for me using VLANs and pop it out a couple ports on the switch.
At site 2 I dont have that luxury, so Im putting a Mikrotik router in front of the Cisco. So itll be effectively double NAT'd. Im going to get it to VPN in to the UniFi and then the two Ciscos will see each other, at least as far as Unicast is concerned.

 

[TRENT310]

What kind of VPN architecture, you can pass that type of traffic with VTI (which appear as interfaces) and with GRE. It will not work with a "policy based" tunnel which doesn't show up to the routing table as any interface. The "policy" of a VTI tunnel SA is 0.0.0.0/0 so it can pass anything, and routing decisions are handled on the routing table.

And yes, even Unifi Security Gateways and Ubiquiti Edgerouters will do it, with its built in Vyatta-ized Strongswan. On a USG you'd have to configure it via command line and add those parameters to the config.gateway.json so it doesn't get overwritten by a controller provisioning push.

 

[Colt45ws]

Ive tested Auto IPSec VTI and Manual IPSec by connecting my Unifi at Home to the Unifi at Site 1 and I was never able to get multicast to go across it. My googling was that it is being blocked by default in the router, and I tried several suggestions for adding a Firewall rule to pass it and never found something working.

 

[phonebuff]

You may want to take some time and read through this thread. Some really great information --

Telex IP-223 over GRE tunnel

I am having an issue where I can not use my IP-223's at either end of a GRE Tunnel. I have a GRE Tunnel between my work and my home. The tunnel works fine, I can access devices at either end of the tunnel. I am able to login into the IP-223, C6200 and IP-1616 consoles at each location from...

communications.support

 

[Colt45ws]

I guess I could tunnel from Cisco to Cisco within my already set-up VPN tunnel. I really dont know how else to make it work if I cant do the VOIP portion over Unicast.
Ill start trying to use that path since passing multicast directly over the VPN is not possible. Kinda hacky but I think it'll work. Considering how much time Ive burned up try to get it to work, that should be a nice shortcut.

 

[phonebuff]

The DCBNet solution is much better for simpler networks and those who are not Cisco guru's.

 

[Colt45ws]

Yikes, thats a lot of bills for a pair of those. Ill figure out the Cisco for that much even if it breaks my brain.