Hello,

I am trying to achieve the following in a lab environment (gns3) before moving to my real network.

Multicast Source (inside network) --> PIX --> host router (outside network).

The lab topology looks something like this:

MulticastSource(router) fa0/0 -- fa0/0 InsideRouter fa0/1 -- eth0 PIX eth1 -- fa0/0 OutsideRouter

As I understand PIX 7.0.4 only supports sparse mode, so I have configured sparse mode on all respectful router interfaces.

My configuration so far is (only relevant commands are shown):

MutlicastRouter

ip multicast-routing

!

interface Loopback0

ip address 192.168.11.1 255.255.255.0

ip pim sparse-mode

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

router eigrp 23

network 192.168.1.0 0.0.0.3

network 192.168.11.0

no auto-summary

!

ip pim rp-address 192.168.11.1

ip pim send-rp-announce Loopback0 scope 32

ip pim send-rp-discovery Loopback0 scope 32

Inside

ip multicast-routing

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.252

ip pim sparse-mode

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.98.1 255.255.255.0

ip pim dr-priority 100

ip pim sparse-mode

duplex auto

speed auto

!

router eigrp 23

redistribute static

network 192.168.1.0 0.0.0.3

network 192.168.98.0

no auto-summary

!

ip route 0.0.0.0 0.0.0.0 192.168.98.4

!

ip pim rp-address 192.168.11.1

pixfirewall

PIX Version 7.0(4)

!

multicast-routing

!

interface Ethernet0

nameif inside

security-level 100

ip address 192.168.98.4 255.255.255.0

pim dr-priority 0

!

interface Ethernet1

nameif outside

security-level 0

ip address 10.4.14.11 255.255.255.0

igmp static-group 225.6.6.6

!

pim rp-address 192.168.11.1

!

access-list accout extended permit ip any any

access-list accout extended permit pim any any

access-list accout extended permit igmp any any

access-list accin extended permit ip any any

access-list accin extended permit pim any any

access-list accin extended permit igmp any any

icmp permit any inside

icmp permit any outside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 10.4.14.3 192.168.11.1 netmask 255.255.255.255

access-group accin in interface inside

access-group accout in interface outside

route inside 192.168.11.0 255.255.255.0 192.168.98.1 1

route inside 192.168.1.0 255.255.255.252 192.168.98.1 1

route outside 10.3.3.0 255.255.255.0 10.4.14.1 1

!

Outside

ip multicast-routing

!

interface Loopback0

ip address 10.3.3.3 255.255.255.0

!

interface FastEthernet0/0

ip address 10.4.14.1 255.255.255.0

ip igmp join-group 225.6.6.6

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 10.4.14.11

!

Unfortunately I cannot ping 225.6.6.6 from the router named MulticastSource. If the config was ok, shouldn't this ping be successful?

Could someone please help me understand where my error is?

If there where more routers behind the OutsideRouter, which needed multicast, I suppose that as the RP I should use the natted ip for the configured RP.

Thank you in advance,

Katerina