05-20-2008 06:30 AM - edited 03-03-2019 10:01 PM
We have two remote locations, each uses a CISCO dsl router (model: 870) which is setup to offer internet access as well as a VPN between the two locations.
Location 1 is 192.168.1.0 and location 2 is 192.168.2.0. Both networks are accessible and they can interconnect (remote desktop works fine, pinging works fine, etc etc).
We are using a special application between the two locations, location 1 has the server and location 2 has a client PC which connects to the server. The application connects to the server via TCP on a dedicated port (9191) and everything looks ok.
Unfortunately, the server sends replies in broadcast or multicast or whatever (yeah i know , its a bad implementation), which means that the client never receives an "ok" from the server because broadcast packets are not forwarded between the two locations over the VPN.
So here my question:
How do i forward broadcast packets? I'm only interested to forward packets from the server on location 1 to location 2, i'm not interested to forward ALL broadcast packets from location 1 to location 2.
Any help would be appreciated.
Thank you.
05-20-2008 07:12 AM
Babis,
A router will never forward a broadcast , let alone in a VPN tunnel. Unicast of course - multicast sure, if you tunnel them in GRE. Broadcast - nope.
I would take a closer look at the application if I was you as it sounds like it does not confirm to basic TCP/IP operation in the ISO model. Sounds like it was designed to run on a LAN in the same broadcast domain!
HTH.
05-20-2008 07:31 AM
hmm weird, because i was told that i should be able to turn a broadcast into a directional
broadcast or at least a unicast on the lan side with the ip helper address command on the inside of your source.
google turned up a few links but nothing related to CISCO routers.
05-20-2008 07:36 AM
The IP helper address command is for primarily for bootp & dhcp, used for forwarding UDP broadcasts!
Not applications!
HTH.
05-20-2008 07:41 AM
Thats why i mention in my first post that the application we are using is badly implemented.
These broadcasts are usually found on multiplayer games over LAN, not on financial applications.
Anyway, since this what what i've got to work with, i don't have any other option.
How can i use this feature to forward broadcasts then?
05-20-2008 07:47 AM
I cannot seriously see any way to use ip helper address to forward your apps TCP broadcast's.
Do you know what the broadcast address is? 255.255.255.255 or class specific like 172.16.255.255 ?
05-20-2008 08:12 AM
I believe the broadcast address is 255.255.255.255 based on my sniffing of the packets.
05-20-2008 08:22 AM
Sorry mate - done some searching, and on what I have found; it's not possible.
05-20-2008 08:26 AM
Babis
Andrew takes a somewhat limited view of the possible use of helper-address. If your broadcasts were UDP then I believe that helper-address would do exactly what you want. But helper-address is for UDP not TCP broadcasts. So if your broadcasts are TCP then helper-address will not be much help.
I do not believe that there is a Cisco solution for your issue. Perhaps you could write a small application that would listen for broadcasts on that TCP port and would then generate unicast versions of the packet.
HTH
Rick
05-20-2008 10:28 AM
Actually, i never mentioned TCP or UDP, so far i know the packets are broadcasts but in the next few days i'll know if they are TCP or UDP.
I suspect they are UDP because the "tech support" says they've setup the same application on other VPN networks and they got it working.
Can you please tell me how "helper-address" works?
All i want is to forward broadcast packets from ip 192.168.1.10 to network 192.168.2.0.
05-20-2008 10:46 AM
Babis
Perhaps you did not really mean it, but in your original post you said:
"The application connects to the server via TCP on a dedicated port (9191)"
and some of us understood that literally.
If the broadcasts are indeed UDP then helper address may solve your problem. Here is how ip helper-address works: when you configure ip helper-address on an interface the interface begins to listen for UDP broadcasts that qualify. When it receives a qualifying broadcast then the router creates a unicast (or directed broadcast if configured for that) copy of the broadcast frame and sends it to the destination that you specify when you configure the ip helper-address.
So the response from Andrew was correct that routers never forward broadcasts because the broadcast itself is not forwarded. But a copy of the broadcast is created and that is what is forwarded.
Another aspect of this is the conept of qualifying broadcasts. The helper-address does not forward all broadcasts but only forwards selected broadcasts. There are several types of broadcast UDP frames that qualify by default (these include bootp/dhcp, tftp, and a few other). You can qualify additional types of broadcast using the command ip forward-protocol to specify additional UDP ports.
So assuming that the broadcasts do turn out to be UDP then you would want to configure something like this:
ip forward-protocol udp 9191
interface fastether x/y
ip helper-address
If the
specified is unicast then a unicast copy if forwarded. If the is the broadcast address of the remote subnet then a directed broadcast is forwarded. (note that directed broadcast is not enabled by default. So if you want the directed broadcast to work you need to configure ip directed-broadcast on the receiving interface - the interface of the subnet to which you are forwarding).HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: