[AG-TECH] PIM through PIX

Jason Bell j.bell at cqu.edu.au
Thu Dec 15 20:19:10 CST 2005

G'day Claus

We use a "GRE" tunnel to tunnel all our multicast traffic through our
Cisco Firewall.

I am sorry that I cannot provide you with any more details for the
moment (busy preparing for the Xmas closure), but if you are still
having difficulties in the New Year, I would be happy to provide you
with more information then.

Hope this helps somewhat.


-----Original Message-----
From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov] On
Behalf Of Claus Endres
Sent: Thursday, 15 December 2005 4:32 PM
Subject: [AG-TECH] PIM through PIX


We are trying to run personal AccessGrid nodes through a Cisco PIX
firewall, and don't have much success.

The topology is:

+--------+ IGMP +------------+ PIM +-----+ PIM +-------+ PIM +-------+
| AGnode +------+ C6500 MSFC +-----+ PIX +-----+ C3750 +-----+ C3750 +--
+--------+      +------------+     +-----+     +-------+     +-------+

The firewall is running version 7.0(2) software, using NAT.

The Catalyst6500 receives IGMP membership reports from the AG node, and
sends corresponding PIM joins to the PIX. The PIX never passes the
PIM joins to the Catalyst 3750, so the AG node never receives the video
and audio streams.

Does anybody have a configuration like this successfully passing
multicast traffic?

Any suggestions about configuration parameters or software revisions
would be greatly appreciated.

A similar config, using IGMP proxy in the PIX (Version 6.3) and IGMP
snooping in the internal network, works successfully, but only within
a layer 2 internal net.

Claus Endres                | Phone:  +61-3-5998 2310
Endres Consulting Pty. Ltd. | Mobile: +61-418-595 136
10 Facey Road               | Fax:    +61-3-5998 2540
Devon Meadows, VIC 3977     | claus at endresconsulting.co

More information about the ag-tech mailing list