Multicast Video Stream across ASA Remote Access VPN Tunnel?
I think the answer may be "not possible", but thought I'd run it by experts first.
We are planning on multicast video/audio streaming the speech our company president gives during an upcoming "End of Fiscal Year" party.
We will multicast it using our Tandberg VC system to our other 4 remote offices. We have a number of "Far Flung" employees who connect in to our location via VPN. Ideally we would like them to be able to view the stream as well over the VPN tunnel using the Cisco VPN Client and an ASA5520.
Is this possible? And if it is, what's the config?
I enabled Multicast routing on the ASA and I added the specific multicast address for the stream to the split-tunnel networks in the VPN config. I know there's probably more (the multicast group addresses that are sent the join commands?), but before I start exploring that, better to find out if this is possible than to bang my head against the wall when it's not working.
Re: Multicast Video Stream across ASA Remote Access VPN Tunnel?
as far as I know there's just the 224.0.0.X that is not allowed to pass any layer 3 boundary. The 224 are restricted to the segment exclusively. For instance, routing updates are sent via a multicast in that range, and you shure do not want these to hop over a L3 boundary, a router respectively.
From the Cisco Press Book CCNP BSCI Chapter 17 page 471 and following:
Multicast IP Addressing
in addition to the Class D multicast address space, some IP multicast address have been reserved for particular uses, such as the following:
Link-local addresses (22.214.171.124/24) - used on a local segment (TTL=1) only. Routers do not forward these packets because of TTL. These are known as fixed-group addresses because they are well-known and predefined......
I believe you're running the stream on a 126.96.36.199/8 (Administratively scoped addresses), right? I think it should work. I've never tried it on the other hand.
Multicast routing needs to be enabled (of course) globally - BUT - necessarily on a router the Router (config-if)#ip pim XXXXX command needs to be added on a interface by interface basis, too.
I haven't seen the configuration on the ASA yet. Have you tried to get any channel through a VPN already, with VLC-Player for example?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...