Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
1
Replies

PIX 6.3.3 - multicast forwarding not working

ovt
Level 4
Level 4

‎03-29-2004 12:50 AM - edited ‎02-20-2020 11:18 PM

Hi!

I'm trying to configure simple multicast forwarding on PIX with client on the outside (IOS Router that pings 224.1.1.1) and server on the inside (IOS Router that joins 224.1.1.1), but it doesn't work. I see, that IGMP is working well, PIX proxy reports to the outside and the multicast server sees the reports:

IGMP Connected Group Membership

Group Address Interface Uptime Expires Last Reporter

224.1.1.1 Ethernet0/0 1d16h 00:02:31 10.10.10.1

224.0.1.40 Ethernet0/0 01:24:09 00:02:29 10.10.10.13

The 10.10.10.1 is the PIX outside address.

The PIX config:

PIX(config)# sh multicast

multicast interface outside

multicast interface inside

igmp forward interface outside

PIX(config)# sh igmp

IGMP is enabled on interface outside

IGMP querying router is 10.10.10.5

IGMP Connected Group Membership

Group Address Interface Uptime Expires Last Reporter

IGMP is enabled on interface inside

Current IGMP version is 2

IGMP query interval is 60 seconds

IGMP querier timeout is 125 seconds

IGMP max query response time is 10 seconds

Last member query response interval is 1 seconds

Inbound IGMP access group is

IGMP max groups is 500

IGMP activity: 2 joins, 0 leaves

IGMP forwarding on interface outside

IGMP querying router is 62.9.1.1 (this system)

IGMP Connected Group Membership

Group Address Interface Uptime Expires Last Reporter

224.1.1.1 inside 01:42:33 00:01:46 62.9.1.254

224.0.1.40 inside 00:22:17 00:01:49 62.9.1.254

The PIX IGMP table also looks good. Mfwd table:

PIX(config)# sh mroute

IP Multicast Forwarding Information Base

Entry flags: C - Directly-Connected Check, S - Signal, D - Drop

Interface flags: F - Forward, A - Accept, IC - Internal Copy,

NS - Negate Signal, DP - Don't Preserve, SP - Signal Present,

EG - Egress

Forwarding Counts: Packets in/Packets out/Bytes out

Failure Counts: RPF / TTL / Empty Olist / Other

(*,224.1.1.1), Flags: S

Last Used: never

Forwarding Counts: 0/0/0

Failure Counts: 0/0/0/0

inside Flags: F

(*,224.0.1.40), Flags: S

Last Used: never

Forwarding Counts: 0/0/0

Failure Counts: 0/0/0/0

inside Flags: F

When I try to ping 224.1.1.1 from the multicast server (10.10.10.5) I see packet received on the outside interface with the "debug packet outside", but it is not forwarded to the inside and "debug mfwd" shows nothing AND ACL counter (permit icmp any any) not incremented.

Other relevant parts of the PIX config:

ip address outside 10.10.10.1 255.255.255.0

ip address inside 62.9.1.1 255.255.255.0

access-group 100 in interface outside

access-list 100 line 1 permit icmp any any

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

global (outside) 1 interface

The second problem is with the reverse config (multicast server on the inside). When I try to add static mroute it is not even shown in the multicast forwarding table with "show mroute"!!!

mroute 62.9.1.254 255.255.255.255 inside 224.1.1.1 255.255.255.255 outside

Any help is greatly appreciated!

0 Helpful
1 Reply 1

drolemc
Level 6
Level 6

‎04-05-2004 06:35 AM

For forwarding multicast traffic, only two conditions need to be satisfied on the PIX.

- Enable the interface for multicast traffic using the multicast interface command

-Use the mroute command to staticlly defined who will be sending the traffic, and which interface the traffic should be sent trough. If both these conditions are satisfied, you should not have a problem. I could not find any bugs either. As a last resort, you could try saving your config and rebooting. Hope that works

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card