Posted by mcaissie on July 2, 2008, 10:56 am
> You didn't need to define the "rp-address" or anything else like that?
My solution assumes that the multicast source and clients are directly
connected on the inside and dmz subnets. Is that your case?
If so, you don't need to activate PIM and you will not have any rendezvous
point.
If you want the ASA to send the multicast traffic to an RP then it's
another ball game.
Where are your multicast source and clients located exactly?
Can you do a couple of captures to see if the multicast traffic is at least
reaching your ASA?
access-list cdmz permit ip any 224.0.0.0 255.0.0.0
access-list cdmz permit ip 224.0.0.0 255.0.0.0 any
capture capdmz access-list cdmz interface dmz2
access-list cin permit ip any 224.0.0.0 255.0.0.0
access-list cin permit ip 224.0.0.0 255.0.0.0 any
capture capin access-list cin interface inside
> Hmmm... Are you sure that's all there was to it?
> It's still not working :(
> You didn't need to define the "rp-address" or anything else like that?
>
> On Mon, 30 Jun 2008 19:24:52 GMT, "mcaissie"
>
>>I have it working on 7.2(2).
>>
>>We are talking here about having the multicast source directly on the
>>inside or directly on the dmz2, right? Not x hops away?
>>
>>Same thing for the client, right?
>>
>>Enabling multicast-routing was not enough to make it work. I had to add a
>>static multicast route.
>>(well two since the Source may be on either side)
>>
>>So here is my recipe
>>
>>1- Enable multicast-routing
>>
>>multicast-routing
>>
>>2- Create multicast routes
>>
>>mroute 192.168.105.0 255.255.255.0 inside dense dmz2
>>mroute 192.168.30.0 255.255.255.0 dmz2 dense inside
>>
>>3- Allow multicast traffic in your acl
>>
>>You're ok with your permit ip any any, but when you go more granular you
>>will have to specify the destination IP address of the multicast source
>>
>>
>>good luck
>>
>>
>>
>>
>>> To anyone who has ever successfully configured multicasting between
>>> two segments on an ASA5510 v8.0...
>>>
>>> I have been working on this for three days, and even got a whole team
>>> of Cisco support engineers involved without much success.
>>>
>>> Trying to configure multicasting to/from inside and dmz segments,
>>> needs to be bidirectional.
>>>
>>> Below is the starting config, but instead of posting everything we've
>>> tried, I'll just leave it open to start from scratch... Btw, for
>>> testing, we opened up the ACLs all the way as you can see below.
>>>
>>> interface Ethernet0/1
>>> nameif inside
>>> security-level 100
>>> ip address 192.168.30.1 255.255.255.0
>>> !
>>> interface Ethernet0/3
>>> nameif dmz2
>>> security-level 3
>>> ip address 192.168.105.1 255.255.255.0
>>> !
>>> access-list inside_acl extended permit ip any any
>>> access-list dmz2_acl extended permit ip any any
>>> access-list noNAT extended permit ip 192.168.30.0 255.255.255.0 192.168.105.0 255.255.255.0
>>> access-list dmz2-noNAT extended permit ip 192.168.105.0 255.255.255.0 192.168.30.0 255.255.255.0
>>> !
>>> access-group inside_acl in interface inside
>>> access-group dmz2_acl in interface dmz2
>>> !
>>> nat (inside) 0 access-list noNAT
>>> nat (inside) 1 0.0.0.0 0.0.0.0
>>> nat (dmz2) 0 access-list dmz2-noNAT
>>> nat (dmz2) 3 0.0.0.0 0.0.0.0
>>> !
>>> global (outside) 1 [publicIPhidden]
>>> global (outside) 3 [publicIPhidden]
>>> !
>>
>
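An added example, not part of the original thread: a small Python first-match evaluator for ASA-style `access-list ... ip` lines, used to check which multicast flows the capture ACL from the reply matches and which flows a granular replacement for `permit ip any any` would allow. The group 239.1.1.1, the host addresses and the granular ACL are constructed for illustration; only `any`, `host A` and `A MASK` address forms with protocol `ip` are handled.

```python
import ipaddress

def _net(tok):
    """Consume one address spec from tok: 'any', 'host A' or 'A MASK'."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_acl(text):
    """Return ordered (action, src_net, dst_net) rules from 'access-list' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        tok = tok[2:]                      # drop 'access-list NAME'
        if tok[0] == "extended":
            tok.pop(0)
        action, proto = tok.pop(0), tok.pop(0)
        if action in ("permit", "deny") and proto == "ip":
            rules.append((action, _net(tok), _net(tok)))
    return rules

def permits(rules, src, dst):
    """First match wins; no match is the implicit deny that ends every ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

# Capture ACL as posted in the reply (mask 255.0.0.0 covers 224.x.x.x only).
CAPTURE_ACL = """
access-list cin permit ip any 224.0.0.0 255.0.0.0
access-list cin permit ip 224.0.0.0 255.0.0.0 any
"""
# Constructed granular ACL for the inside interface; 239.1.1.1 is a placeholder group.
GRANULAR_ACL = """
access-list inside_acl extended permit ip 192.168.30.0 255.255.255.0 host 239.1.1.1
access-list inside_acl extended permit ip 192.168.30.0 255.255.255.0 192.168.105.0 255.255.255.0
"""

if __name__ == "__main__":
    for group in ("224.1.1.1", "239.1.1.1"):
        print(group, "captured:", permits(parse_acl(CAPTURE_ACL), "192.168.30.10", group))
```

A capture filter written with mask 240.0.0.0 would cover the whole 224.0.0.0/4 multicast range, including groups in 239.x.x.x.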