Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2410
Views
0
Helpful
1
Replies

PIM or Stub Multicast Routing in this ASA scenario?

Go to solution
jkeeffe
Level 2
Level 2

‎06-20-2011 01:01 PM - edited ‎03-11-2019 01:47 PM

We have an ASA-5540 (8.4(1))  The inside interface faces a few multicast receivers. The outside interface faces the multicast source.

All of the ASA multicast documents I've download describe very simple network designs, such as a single segment on the ASA inside.

Our PC hosts that will be multicast receivers are a couple router hops away from the ASA inside interface. I'm not sure what the best way is to configure multicast on the ASA.

Should I configure the ASA with PIM routing and a static RP address (plus the ACL to allow the multicast source traffic in) since the receiver hosts are a couple hops away?  I think I understand the IGMP joins are for a local PIM router, so configuring as a Stub Multicast router wouldn't work? The two Cisco routers between the host and the inside ASA interface already have PIM, a static RP address, and IP PIM Spare-Mode configured.

What would be the best, or only, way to configure the ASA?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ronaldo Renato Punzalan
Cisco Employee
Cisco Employee

‎06-20-2011 01:46 PM

See below response.

[Question] Should I configure the ASA with PIM routing and a static RP address  (plus the ACL to allow the multicast source traffic in) since the  receiver hosts are a couple hops away? 

[Answer]: You need to enable PIM routing on the ASA because your inside mcast routers are enabled for PIM routing as well. Ensure you use the same RP setting and reachable from the ASA.

[Question] I think I understand the IGMP  joins are for a local PIM router, so configuring as a Stub Multicast  router wouldn't work?

[Answer] IGMP operates only within a subnet. If the receivers are several hops away from the ASA, that IGMP messages will not reach the ASA. With that said, stub multicast routing is not going to help.

[Info] The two Cisco routers between the host and the  inside ASA interface already have PIM, a static RP address, and IP PIM  Spare-Mode configured.

[Comment] ASA only supports sparse-mode and ensure the ASA forms PIM neighbor relationship with the inside routers and use the same RP address.

[Question] What would be the best, or only, way to configure the ASA?

[Answer] Enable PIM sparse-mode on the ASA and open up the stream via ACL since the sender are on the outside interface. Here's a doc for more info on how to enable mcast routing on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_multicast.html#wp1061973

Enabling mcast routing on the ASA is fairly simple:

1. execute "multicast-routing"

2. add the RP via "pim rp-address ..."

3. open ACL if source is on the outside

Use "show pim neighbor" and "show mroute" to check mcast status.

Regards,

/ronaldo

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ronaldo Renato Punzalan
Cisco Employee
Cisco Employee

‎06-20-2011 01:46 PM

See below response.

[Question] Should I configure the ASA with PIM routing and a static RP address  (plus the ACL to allow the multicast source traffic in) since the  receiver hosts are a couple hops away? 

[Answer]: You need to enable PIM routing on the ASA because your inside mcast routers are enabled for PIM routing as well. Ensure you use the same RP setting and reachable from the ASA.

[Question] I think I understand the IGMP  joins are for a local PIM router, so configuring as a Stub Multicast  router wouldn't work?

[Answer] IGMP operates only within a subnet. If the receivers are several hops away from the ASA, that IGMP messages will not reach the ASA. With that said, stub multicast routing is not going to help.

[Info] The two Cisco routers between the host and the  inside ASA interface already have PIM, a static RP address, and IP PIM  Spare-Mode configured.

[Comment] ASA only supports sparse-mode and ensure the ASA forms PIM neighbor relationship with the inside routers and use the same RP address.

[Question] What would be the best, or only, way to configure the ASA?

[Answer] Enable PIM sparse-mode on the ASA and open up the stream via ACL since the sender are on the outside interface. Here's a doc for more info on how to enable mcast routing on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/route_multicast.html#wp1061973

Enabling mcast routing on the ASA is fairly simple:

1. execute "multicast-routing"

2. add the RP via "pim rp-address ..."

3. open ACL if source is on the outside

Use "show pim neighbor" and "show mroute" to check mcast status.

Regards,

/ronaldo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card