03-29-2004 12:50 AM - edited 02-20-2020 11:18 PM
Hi!
I'm trying to configure simple multicast forwarding on PIX with client on the outside (IOS Router that pings 224.1.1.1) and server on the inside (IOS Router that joins 224.1.1.1), but it doesn't work. I see, that IGMP is working well, PIX proxy reports to the outside and the multicast server sees the reports:
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 Ethernet0/0 1d16h 00:02:31 10.10.10.1
224.0.1.40 Ethernet0/0 01:24:09 00:02:29 10.10.10.13
The 10.10.10.1 is the PIX outside address.
The PIX config:
PIX(config)# sh multicast
multicast interface outside
multicast interface inside
igmp forward interface outside
PIX(config)# sh igmp
IGMP is enabled on interface outside
IGMP querying router is 10.10.10.5
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
IGMP is enabled on interface inside
Current IGMP version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 125 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1 seconds
Inbound IGMP access group is
IGMP max groups is 500
IGMP activity: 2 joins, 0 leaves
IGMP forwarding on interface outside
IGMP querying router is 62.9.1.1 (this system)
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 inside 01:42:33 00:01:46 62.9.1.254
224.0.1.40 inside 00:22:17 00:01:49 62.9.1.254
The PIX IGMP table also looks good. Mfwd table:
PIX(config)# sh mroute
IP Multicast Forwarding Information Base
Entry flags: C - Directly-Connected Check, S - Signal, D - Drop
Interface flags: F - Forward, A - Accept, IC - Internal Copy,
NS - Negate Signal, DP - Don't Preserve, SP - Signal Present,
EG - Egress
Forwarding Counts: Packets in/Packets out/Bytes out
Failure Counts: RPF / TTL / Empty Olist / Other
(*,224.1.1.1), Flags: S
Last Used: never
Forwarding Counts: 0/0/0
Failure Counts: 0/0/0/0
inside Flags: F
(*,224.0.1.40), Flags: S
Last Used: never
Forwarding Counts: 0/0/0
Failure Counts: 0/0/0/0
inside Flags: F
When I try to ping 224.1.1.1 from the multicast server (10.10.10.5) I see packet received on the outside interface with the "debug packet outside", but it is not forwarded to the inside and "debug mfwd" shows nothing AND ACL counter (permit icmp any any) not incremented.
Other relevant parts of the PIX config:
ip address outside 10.10.10.1 255.255.255.0
ip address inside 62.9.1.1 255.255.255.0
access-group 100 in interface outside
access-list 100 line 1 permit icmp any any
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
The second problem is with the reverse config (multicast server on the inside). When I try to add static mroute it is not even shown in the multicast forwarding table with "show mroute"!!!
mroute 62.9.1.254 255.255.255.255 inside 224.1.1.1 255.255.255.255 outside
Any help is greatly appreciated!
04-05-2004 06:35 AM
For forwarding multicast traffic, only two conditions need to be satisfied on the PIX.
- Enable the interface for multicast traffic using the multicast interface
-Use the mroute command to staticlly defined who will be sending the traffic, and which interface the traffic should be sent trough. If both these conditions are satisfied, you should not have a problem. I could not find any bugs either. As a last resort, you could try saving your config and rebooting. Hope that works
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide