When IPsec VPNs are designed, what is a unique requirement if support for IP Multicast is required?
When IPsec VPNs are designed, what is a unique requirement if support for IP Multicast is required?
IPsec VPNs do not natively support multicast traffic. To overcome this limitation, encapsulation of traffic with GRE (Generic Routing Encapsulation) or VTI (Virtual Tunnel Interface) is employed. GRE allows multicast packets to be encapsulated within another IP packet, making it possible to transport multicast traffic over an IPsec VPN.
Dynamic routing protocols rely on using IP multicast or broadcast packets, but IPsec does not support encrypting multicast or broadcast packets. The current method for solving this problem is to use generic routing encapsulation (GRE) tunnels in combination with IPsec encryption. https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html
IPSec does not allow to transmit Multicast and Broadcast traffic via a IPSec VPN, so we should use GRE.
A is correct. IPsec does not natively support multicast traffic so encapsulation via GRE is commonly used.