Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
4
Replies

Is multicast supported on the ASA5510 for IPSec VPN CLients

bmack
Level 1
Level 1

‎12-07-2011 03:13 PM - edited ‎02-21-2020 05:45 PM

Hello,

Our customer is using multicast in their internal network for their IP video deployemnt. Internally on the network everything is working great.

We have two folks in management who want to be able to view the live multicast video feeds of the cameras remotely. I have tried to accomplish this using the Cisco VPN client. Although VPN connectivity is good (we can ping the individual cameras) they are unable to view the live multicast feeds. I enabled multicast globally on the ASA and the inside interface and get the same results.

Is there a way for the ASA to support the remote IPSec VPN client to view the multicast strams?

Thank you for any help.

Labels:
0 Helpful
4 Replies 4

andrew.prince
Level 10
Level 10

‎12-08-2011 12:35 AM

multicast traffic cannot be sent in any encrypted VPN tunnels without encapsulation. GRE tunnels are used to encapsulate multicast traffic from device to device. Cisco routers can convert multicast to broadcast, with a directed broadcast you may be able to take advantage of this, not sure it would work though.

Or You may want to listen to the stream and convert it to unicast. I remember reading somewhere that the VLC application can do this.

Sent from Cisco Technical Support iPad App

0 Helpful

bmack
Level 1
Level 1
In response to andrew.prince

‎12-08-2011 06:13 AM

Thank you for your reply Andrew.

To clarify, I am using the Cisco VPN Client version 5.0.07.0290 and the remote access VPN is IPSec.

There is not a traditional router in play here. The core is an L3 switch with a VLAN carved out for the ASA inside interface. The outside interface of the ASA connects to the internet, so any vpn client termination will have to be to the ASA.

The customer wants to be able to remotely connect to the network so they can watch the live multicast video feeds from the individual cameras. It does not seem like this is something we will be able to easily do using the Cisco VPN client and the ASA.

Is there any way that any user using the Cisco VPN CLient can receive multicast? Would this work if the VPN terminated on a router instead of the ASA?

I will look into the VLC application as I am not familiar with that.

If you can think of any other possible works arounds or have any other suggestion, I would appreciate any input.

Thank you,

0 Helpful

andrew.prince
Level 10
Level 10
In response to bmack

‎12-08-2011 07:21 AM

You cannot encrypt a native Multicast stream - encryption is unicast to unicast.

You will need a 3rd party app to bridge the gap.

0 Helpful

andrew.prince
Level 10
Level 10
In response to andrew.prince

‎12-08-2011 07:37 AM

did a search and found the below - an interesting concept, that might just work for you....

http://netsyshax.wordpress.com/2010/08/23/multicast-to-unicast-and-vice-versa/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents