Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1312
Views
0
Helpful
4
Replies

How to multicast Symantec Ghost over a FWSM

patoberli
VIP Alumni
VIP Alumni

‎09-13-2006 04:07 AM - edited ‎03-09-2019 04:10 PM

Hello

I just can't get multicast with Symantec Ghost to work over the FWSM with software version 3.1.3.

The ghost server is in a Vlan (Vlan 200) protected by the FWSM, the clients which should be ghosted are not behind the FWSM in a different Vlan (Vlan 15).

I configure the FWSM with the Security Manager CSM 3.1.

How should the correct config look?

This is what I found in the FWSM config which is probably connected to the Multicast:

multicast-routing

interface Vlan200

nameif server

security-level 50

ip address a.a.200.1 255.255.252.0 standby a.a.200.2

igmp forward interface clients

mroute a.a.224.10 255.255.255.255 transit1

mroute a.a.201.66 255.255.255.255 dozpers

Maybe there are also other lines which I missed.

Anyway, I can see the clients on the ghost server, but if I start the push, then the clients don't recieve the packets.

The hardware is a Cat 6500 with IOS 12.2 and some Gig Ethernet cards where switchs are connected to.

Thanks,

Patrick

[edit]

Here the logfile from Ghost:

Log Level Informational

4136031 GhostSrv 8.3.0.1331

Fri Aug 18 13:05:25 2006

Initialising RML

4136046 rml_get_local_interfaces found these IP addresses:

a.a.201.66

RML Initialised

RML socket send buffer size set to 549504

Setting UDP socket receive buffer size to 20034

UDP socket receive buffer size set to 20034

RML socket receive buffer size set to 17172

4136062 Throttle value:0 mb/min

Length of tick in seconds:0.001000

Ticks per throttle bucket:15

Throttle byte count limit[0] = 0

Throttle byte count limit[1] = 0

Throttle byte count limit[2] = 0

Throttle byte count limit[3] = 0

Throttle byte count limit[4] = 0

Throttle byte count limit[5] = 0

Throttle byte count limit[6] = 0

Throttle byte count limit[7] = 0

Throttle value:0 mb/min

Length of tick in seconds:0.001000

Ticks per throttle bucket:15

Throttle byte count limit[0] = 0

Throttle byte count limit[1] = 0

Throttle byte count limit[2] = 0

Throttle byte count limit[3] = 0

Throttle byte count limit[4] = 0

Throttle byte count limit[5] = 0

Throttle byte count limit[6] = 0

Throttle byte count limit[7] = 0

RML socket send buffer size set to 4194304

Server multicast address set to 224.77.52.123

Throttle value:1500 mb/min

Length of tick in seconds:0.001000

Ticks per throttle bucket:15

Throttle byte count limit[0] = 780335

Throttle byte count limit[1] = 1170503

Throttle byte count limit[2] = 1950839

Throttle byte count limit[3] = 3511510

Throttle byte count limit[4] = 6632852

Throttle byte count limit[5] = 12875537

Throttle byte count limit[6] = 25360907

Throttle byte count limit[7] = 50331648

Bound RML socket to 0.0.0.0:1228

Setting multicast scope to 16

Bound TCP socket to 0.0.0.0:1229

Bound UDP socket to 0.0.0.0:6666

Interface a.a.201.66 (0) ws2AddMembership succeeded

4323546 Telling client (a.a.25.81) to use Multicast data transfer mode

Sent second packet unicast

4324531 UDM Destination count now 1

Multicast: 224.77.52.123:7777 0.0.0.0

4490546 RML Statistics

Retransmits on Timeout: 7

End RML Statistics

Shutting down RML

RML shutdown

Log Level None

Labels:
0 Helpful
4 Replies 4

smahbub
Level 6
Level 6

‎09-19-2006 05:47 AM

Does the problem lie only with Symantec Ghost.See if IGMP is enabled on the switch and also on the entire network.Also if multicasting works throughout the network.

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to smahbub

‎09-19-2006 06:49 AM

Hi smahbub

Multicasting works as long as the ghost server is on the same VLAN as the clients.

The problem starts when it's being routed.

Currently I can only test it routed through the FWSM.

Patrick

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to patoberli

‎09-29-2006 05:55 AM

I could solve it now with the help of a CCIE :)

Here the solution (just the config which was wrong or missing).

On the router:

int vlan22

ip pim sparse-dense-mode

int vlan24

ip pim sparse-dense-mode

int vlan32

ip pim sparse-dense-mode

int vlan40

ip pim sparse-dense-mode

int vlan192

ip pim sparse-dense-mode

int vlan220

ip pim sparse-dense-mode

int vlan224

ip pim sparse-dense-mode

int vlan229

ip pim sparse-dense-mode

int vlan900

ip pim sparse-dense-mode

ip pim rp-address 192.168.10.1

And the FWSM:

access-list transit1 remark Multicast Temp

access-list transit1 permit ip any host 229.55.150.208

access-list transit1 permit ip any host a.a.224.10

access-list transit1 permit ip any 224.77.0.0 255.255.0.0

access-list transit1 permit ip any a.a.24.0 255.255.252.0

interface Vlan200

no igmp forward interface transit1

exit

no mroute a.a.201.66 255.255.255.255 dozpers

no mroute a.a.224.10 255.255.255.255 transit1

pim old-register-checksum

pim rp-address 192.168.10.1 bidir

Hope this will help other people!

Patrick

0 Helpful

steve.dutky
Level 1
Level 1
In response to patoberli

‎11-03-2006 12:30 PM

I'm still gnashing my teeth with keeping Ghost from flooding.

I've got it to work semi-acceptably enabling ip multicast-routing and ip pim dense mode on the desired vlan.

Multicast Vlan Registration (see 20-13 c3550 guide doc#78-11194-09) looked promising, but I was unable to get it right: all ports still lit up and ground to halt.

Have you considered/tried/had any luck with this?

Thanks, Steve

0 Helpful
Customers Also Viewed These Support Documents