multicasting across segments

To anyone who has ever successfully configured multicasting between two segments on an ASA5510 v8.0...

I have been working on this for three days, and even got a whole team of Cisco support engineers involved without much success.

I'm trying to configure multicasting to/from the inside and dmz segments; it needs to be bidirectional.

Below is the starting config, but instead of posting everything we've tried, I'll just leave it open to start from scratch... Btw, for testing, we opened up the ACLs all the way, as you can see below.

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface Ethernet0/3
 nameif dmz2
 security-level 3
 ip address 192.168.105.1 255.255.255.0
!
access-list inside_acl extended permit ip any any
access-list dmz2_acl extended permit ip any any
access-list noNAT extended permit ip 192.168.30.0 255.255.255.0 192.168.105.0 255.255.255.0
access-list dmz2-noNAT extended permit ip 192.168.105.0 255.255.255.0 192.168.30.0 255.255.255.0
!
access-group inside_acl in interface inside
access-group dmz2_acl in interface dmz2
!
nat (inside) 0 access-list noNAT
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz2) 0 access-list dmz2-noNAT
nat (dmz2) 3 0.0.0.0 0.0.0.0
!
global (outside) 1 [publicIPhidden]
global (outside) 3 [publicIPhidden]
!
PL

I have it working on 7.2(2).

We are talking here about having the multicast source directly on the inside or directly on the dmz2, right? Not x hops away?

Same thing for the client, right?

Enabling multicast-routing was not enough to make it work. I had to add a static multicast route (well, two, since the source may be on either side).

So here is my recipe:

1- Enable multicast-routing

multicast-routing

2- Create multicast routes

mroute 192.168.105.0 255.255.255.0 inside dense dmz2
mroute 192.168.30.0 255.255.255.0 dmz2 dense inside

3- Allow multicast traffic in your ACL

You're OK with your permit ip any any, but when you go more granular you will have to specify the destination IP address of the multicast source.

good luck

mcaissie

My solution is assuming that the multicast source and clients are directly connected on the inside and dmz subnets. Is that your case?

If so, you don't need to activate PIM and you will not have any Rendezvous Point. If you want the ASA to send the multicast traffic to an RP, then it's another ball game.

Where exactly are your multicast source and clients located?

Can you do a couple of captures to see if the multicast traffic is at least reaching your ASA?

access-list cdmz permit ip any 224.0.0.0 255.0.0.0
access-list cdmz permit ip 224.0.0.0 255.0.0.0 any
capture capdmz access-list cdmz interface dmz2

access-list cin permit ip any 224.0.0.0 255.0.0.0
access-list cin permit ip 224.0.0.0 255.0.0.0 any
capture capin access-list cin interface inside

mcaissie
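An added check, not part of the thread: this Python snippet parses ASA-style capture ACEs (real subnet masks, as the ASA uses) and reports which multicast groups a given capture ACL would actually see. The `cin` lines are those posted above; `ASA_ACL_FULL` with a 240.0.0.0 mask is a hypothetical variant covering the whole 224.0.0.0/4 multicast range, and the 192.168.30.10 sender and group addresses are constructed test values.

```python
import ipaddress
import re

# Capture ACL as posted in the thread (224.0.0.0 255.0.0.0 == 224.0.0.0/8).
ASA_ACL = """
access-list cin permit ip any 224.0.0.0 255.0.0.0
access-list cin permit ip 224.0.0.0 255.0.0.0 any
"""

# Hypothetical variant: 240.0.0.0 mask == 224.0.0.0/4, the full IPv4 multicast space.
ASA_ACL_FULL = """
access-list cin permit ip any 224.0.0.0 240.0.0.0
access-list cin permit ip 224.0.0.0 240.0.0.0 any
"""

# access-list <name> permit ip <src|any> <dst|any>, where src/dst is "addr mask"
ACE_RE = re.compile(
    r"access-list\s+(\S+)\s+permit\s+ip\s+(any|\S+\s+\S+)\s+(any|\S+\s+\S+)$"
)


def _to_network(token):
    """Turn an ASA 'address mask' pair or 'any' into an ip_network."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = token.split()
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_acl(text):
    """Return (name, src_net, dst_net) for every permit-ip ACE in the text."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            aces.append((m.group(1), _to_network(m.group(2)), _to_network(m.group(3))))
    return aces


def acl_matches(aces, src, dst):
    """True if any ACE permits a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for _, sn, dn in aces)


def uncaptured_groups(aces, groups, sender="192.168.30.10"):
    """Multicast groups that the capture ACL would NOT match for the given sender."""
    return [g for g in groups if not acl_matches(aces, sender, g)]


if __name__ == "__main__":
    groups = ["224.0.0.9", "232.1.1.1", "239.255.0.1"]
    print("missed by 224/8 capture:", uncaptured_groups(parse_acl(ASA_ACL), groups))
    print("missed by 224/4 capture:", uncaptured_groups(parse_acl(ASA_ACL_FULL), groups))
```

Groups in 232.0.0.0/8 (SSM) or 239.0.0.0/8 (administratively scoped) fall outside a 224.0.0.0 255.0.0.0 match, so a capture built that way can stay empty even while the traffic is arriving.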
