Author Topic: Multicast Firewall Topology  (Read 2766 times)

Offline topendharness

Multicast Firewall Topology
« on: February 19, 2014, 02:11:18 AM »
Hey Guys,
I was hoping that maybe someone on the forums has had some experience with, or might know of some examples where a multicast sender (source) is on the inside of a firewall and the receivers on the outside within a PIM domain.
I've been trying to allow a multicast stream out of the private network (inside of the security appliance) to users in a different network (another corporation).
Multicast routing has been applied to the Cisco Firewall so all interfaces are running PIM. The RP is on the outside in the PIM domain. Been trying to create a NAT on the outside and messing with permanent subscriptions like "join-group" options to no avail.
PIM seems to use so many multicast and unicast processes to get things working that trying to get the inside interface participating in the domain through ACLs seems insurmountable!!!

Any advice or help would be greatly appreciated. I can supply a diagram if that helps.

*Needless to say, I can make the whole thing work in the opposite direction with the sender on the outside and the receivers on the inside. This is working fine as there are plenty of examples on the net and from Cisco.
« Last Edit: February 19, 2014, 02:13:00 AM by topendharness »


Offline TankII

Re: Multicast Firewall Topology
« Reply #1 on: February 19, 2014, 01:59:55 PM »
The interface you are distributing Multicast from must have a CBSR preference of something above 0 to receive and act on or forward a stream to the other interfaces.
You do have Candidate RPs configured on that interface as well, correct? You only want to distribute the Multicast traffic designated in that RP list.

TankII

Offline topendharness

Re: Multicast Firewall Topology
« Reply #2 on: February 22, 2014, 06:19:56 PM »
Thanks TankII,
I eventually got this working through NATing the source of the multicast on the inside to the outside and letting the next hop router do the registration (PIM) to the RP. Configuration is working a treat and I can manage security on the outside of the firewall. :)