The invention provides a method for multicast transport in an Internet protocol secure tunnel and a device. The method comprises: a local terminal device of an IPSec tunnel automatically mirrors a destination address configured by an opposite terminal device to be an ACL rule of a multicast address, bases on the respective configured destination addresses of the local terminal device and the opposite terminal device to the ACL rule of the PIM protocol multicast address and builds an IPSEC tunnel of a PIM protocol message between the local terminal device and the opposite terminal device; the local terminal device receives the PIM protocol message transmitted by the opposite terminal device on the IPSEC tunnel of the PIM protocol message, and directly adds the opposite terminal device intoa primary PIM neighbor table when the local terminal device judges that the received PIM protocol message is a PIM hello message, and the PIM neighborhood between the local terminal device and the opposite terminal device is built; the local terminal device transmits messages of a multicast group according to PIM protocol. According to the invention, the PIM neighborhood based on the IPSec tunnelis built between two private networks by IPSec so as to realize multicast transport in the IPSec tunnel.