Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2678
Views
0
Helpful
2
Replies

Cisco ASA - IGMP Stub and multicast forwarding

jacques_henry696
Level 1
Level 1

‎02-23-2010 08:35 AM - edited ‎03-11-2019 10:13 AM

Hello,

I am trying to set up a configuration using an ASA 5510 ( V 8.2(1) ) in routing mode to

- act as an IGMP stub in one way

- transparently forward multicast stream in the other way

I used 2 commands (the "multicast-routing" is enabled)

- igmp forward interface (for the IGMP proxy)

- igmp static-group (to forward defined multicast streams) (by the way, it's a shame I cannot use the " igmp static-group * " command like on a C3750)

The following schematic will help you understand:

picture.png

On my LAN, the user is subscribing to the remote Cam 2 multicast stream (230.0.0.1). And on the same LAN, the Cam 1 is sending multicast stream (225.0.0.1) that has to be transparently forwarded to the WAN for distant subscribers.

BUT, the thing is that I cannot use both commands at the same time. In this configuration, the ASA is blocking the Cam 1 stream. Only the incoming stream is forwarded to the LAN. If I disable the IGMP stub function, the Cam 1 stream is going through the firewall! It seems that the first command is suppressing the second command.

So I've found a solution (not THE solution): I use a double physical interface to the WAN from the ASA:

picture2.png

But this is a very "strange" solution...

So do you know why the two commands seems to be incompatible?

(I have one constraint: I cannot enable the PIM protocol on the ASA, It MUST transparently)

Thank you!

Labels:
0 Helpful
2 Replies 2

kennethwebber
Level 1
Level 1

‎04-02-2010 07:16 AM

I can see this is an old post but I was working with a similar issue with Cisco support. They had me put the static join on both LAN and WAN interfaces.

0 Helpful

jacques_henry696
Level 1
Level 1
In response to kennethwebber

‎04-07-2010 01:58 AM

Thanks for the reply! I was thinking I was the only one in this situation.

I didn't think to put the command on both interfaces but I've found an alternative solution (with the mroute command if I remember correctly).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card