11-12-2008 09:53 AM - edited 02-21-2020 03:05 AM
I'm trying to enable multicast between two ASAs connected by a site-to-site VPN tunnel over the internet, like this:
mcast_receiver <---> ASA_remote <---> router <---> ASA_main_office
The multicast source is on the Internet that comes in from a different transit network on the router above.
All traffic is tunneled through the VPN tunnel between ASAs; everything is working except multicast.
Currently I have PIM enabled on both ASAs, with a rendezvous point set. ACLs are wide open in both directions.
I get this error on the main office ASA:
710005 UDP request discarded from mcast_receiver_ip/port to outside:mcast_address/port
I also see this on the remote ASA:
106012 Deny IP from mcast_receiver_ip to mcast_address, IP options: "Router Alert"
Any help would be greatly appreciated.
Thanks.
11-16-2008 01:47 AM
Hi Michael,
I don't have experience of creating site-to-site VPNs on ASAs, therefore I can only guess.
However, I have experience of it on Cisco routers.
Generally, traditional site-to-site VPNs do not support multicast.
You have to use GRE over IPSec or the new Virtual Tunnel Interfaces to send multicast over an encrypted tunnel when using Cisco routers.
Can this be a solution on ASAs?
I would give it a shot.
Cheers:
Istvan
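The GRE over IPsec approach mentioned in the reply above, sketched for one of two Cisco IOS routers. This is an added example, not part of the original posts and not an ASA configuration; all addresses, interface names, the names TS and GRE-PROT, and the key placeholder are assumptions.

```cisco
! Constructed example: local router of a GRE-over-IPsec pair.
! Peer public address 198.51.100.2 and all 10.x addresses are placeholders.
ip multicast-routing
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY_PLACEHOLDER> address 198.51.100.2
!
! Transport mode: GRE already supplies the outer IP header between the peers.
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set TS
!
! Multicast and PIM run on the GRE tunnel interface; IPsec only sees
! unicast GRE packets between the two tunnel endpoints.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip pim sparse-mode
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile GRE-PROT
!
interface GigabitEthernet0/1
 description LAN side facing multicast receivers
 ip address 10.1.0.1 255.255.255.0
 ip pim sparse-mode
!
! The RPF check requires the unicast route toward the source and the RP
! to point at Tunnel0, otherwise multicast arriving on the tunnel is dropped.
ip route 10.2.0.0 255.255.255.0 Tunnel0
ip pim rp-address 10.2.0.1
```

The peer router mirrors this with the tunnel source and destination swapped. `show ip pim neighbor` and `show ip mroute` confirm that the PIM adjacency forms across Tunnel0 and that the group's incoming interface is the tunnel.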
11-16-2008 06:53 AM
Thanks for the reply -- I did some research on VTIs, and it appears that this is only on IOS-capable devices, not on ASAs. Thanks anyway.