ISP broadcasts around 9 video multicast (addresses listed in the picture). ASA5510 8.0 (3) gets all multicasts. At ASA is set PAT for the internal network. The internal network has about 10 VLans and they all terminated on Cisco 3560 (ADVIPSERVICESK9-M, Version 12.2(44)SE2). Each Cisco 2960 has about up to 5 Vlans.
Objective: to distribute multicasts to end users at their request (for example, for those who are on vlan 4).
What I did:
At Cisco 3560
[code] ip multicast-routing distributed
ip address 10.0.0.69 255.255.255.192
ip pim passive
description To Firewall
ip address 10.0.2.5 255.255.255.248
ip pim sparse-dense-mode
! [/ code]
interface Ethernet0 / 1
ip address 82.179.x.x 255.255.255.240
igmp join-group 126.96.36.199
pim rp-address 82.179.y.y
! [/ code]
But with such settings end-users do not receive the video.
[code] asa5510 # sh mroute
Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,
C - Connected, L - Local, I - Received Source Specific Host Report,
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
J - Join SPT
Timers: Uptime / Expires
Interface state: Interface, State
(*, 188.8.131.52), 07:07:32 / never, RP 82.179.y.y, flags: SCLJ
I also have similar multicast problem with my FWSM with 4.01 OS. I found that the only thing I can make multicast work is to configure inside and outside interface in the firewall to the same security level (I configure them to both 100), then use "same-security-level permit inter" command, after that, the multicast work. You can still use ACL to control and filter traffic. I am trying to find that if it's a bug
The dst_ip_addr argument is the IP address of the multicast group being permitted or denied.
StepÂ 2- Apply the access list to an interface by entering the following command:
hostname(config-if)# igmp access-group acl
The acl argument is the name of a standard or extended IP access list.
For example, using standard ACL:
access-list Multicast1 standard permit host 184.108.40.206
To the outside interface, apply
igmp access-group Multicast1
Or you can remove all of your previous multicast config and simply put the ASA in multicast Stub Mode with the following command apply to the inside interface:
igmp forward interface outside.
This way, the ASA will simply forward IGMP message from inside to outside. I have not tested it, but I suppose the ASA will open a translation to leave the multicast feed coming in the outside interface. If it's not the case, look about creating a static translation & ACL/Access-group to leave the mcast traffic passing through.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...