Multicast across site to site VPN.

[criticalUpdate]

Would like to setup Multicasting, would like to use the built in features of 6.2 and above because at the branch I do not want to have to add another router just for multicasting.


setup as follows...

Branch pix506 <-> internetIPSECTunnel <-> Central pix506 <-> NBXphoneSystem


need to get some multicast traffic to support some features of the NBX phone system back to the branch office. Want to send multicast traffic only through the tunnel and not to the outside world



Jeff

 

[bytehd]

From 6.3 Config PDF:

"The Internet Group Management Protocol (IGMP) is used to dynamically register specific hosts in a
multicast group on a particular LAN with a multicast (MC) router. MC routers efficiently route multicast
data transmissions to the hosts on each LAN in an internetwork that are registered to receive specific
multimedia or other broadcasts.

PIX Firewall Version 6.2 or higher provides the Stub Multicast Routing (SMR) feature. SMR lets the
PIX Firewall function as a “stub router,” which is a device that acts as an IGMP proxy agent. A stub
router does not operate as a full MC router, but simply forwards IGMP messages between hosts and MC
routers."

http://www.insyncva.com

 

[bytehd]

Here is more:

Example 2-8 Inside Transmission Sources
The following example configures the inside and DMZ sources with no internal receivers:

multicast interface outside
multicast interface inside
multicast interface dmz
mroute 1.1.1.1 255.255.255.255 inside 230.1.1.2 255.255.255.255 outside
mroute 2.2.2.2 255.255.255.255 dmz 230.1.1.2 255.255.255.255 outside

http://www.insyncva.com

 

[bytehd]

The down and dirty starts on Page 102 in the PDF

http://www.insyncva.com/docs/63config.pdf

http://www.insyncva.com

 

[308win]

My understanding is that yes, PIX supports multicast, but not through IPSec tunnel. What you need is a router behind each firewall with a GRE tunnel. Thats what we did to get our 2 NBX's talking.