VPN and multicast

  • I have a firewall, and my application server and a few client computers are connected inside the firewall. The IP address of my internal network is 192.*.*.*. I receive multicast on all the client computers connected to the internal network.

    Now the VPN connection

    We connect a computer outside the firewall directly to the switch where the router is connected.

    I give it a public IP address and the default gateway as the router IP address.

    It is now similar to connecting to the ISP. Now I have an internet connection on the external client computer.

    I connect the VPN to the firewall, and once the connection is established I receive an IP address from the DHCP server. An ipconfig on my machine will now show me 2 IP addresses: one the public IP address and the other one that I got from the DHCP server, which is from the 192.*.*.* series. Now I am virtually in the internal network. I can ping any internal computer and also ping this external machine from any of the internal computers. I mean I am connected to the internal network virtually.

    Now I try a multicast from the internal network server. All clients on the internal network receive the multicast, but not the client which is connected outside the firewall. I am able to access the webpages from the external client without problems.

    I use a small application to multicast packets and another application to receive the packets. The IP address I use is 224.1.2.4 and the UDP port is 101.

    I run a network monitoring tool on the firewall computer. It shows me the packets coming to the firewall from the internal multicast server. But they are not going out to the external client.

    Now I have two client computers connected outside the firewall. I run the multicast application on one of them and a network monitoring tool on the other. I also have the client application to receive multicast running on both these machines. When I start the multicast, the multicast-receiving clients on both computers do not receive anything, but the network monitoring tool shows that there was a broadcast with the source IP address as my public IP.

    This is the scenario. Can you find out what else should be done for the external clients to receive the multicast?

    levi


    Jesus My Saviour

  • Wow, that's quite a setup. Not sure you'll get an answer here, but good luck. We're primarily for databases, though there are a few good network people here.

    Steve Jones

    sjones@sqlservercentral.com

    http://qa.sqlservercentral.com/columnists/sjones

    http://www.dkranch.net

  • I am not sure if it can be done, and it will depend on your firewall, but the issue (I believe) is that the firewall does not forward those packets sent via multicast. I will check a bit more to see if anything else could be the issue, but we just don't support our VPN for multicast where I am at since we don't control the firewall.

  • The current IPsec standard does not specify how to handle multicast traffic. Multicast traffic can only be sent to a physical or virtual interface, and IPsec does not represent either.

    If you have a lan-to-lan VPN you can try to encapsulate your IPSec traffic within a GRE tunnel (I know this will work in a Cisco environment).

    Windows 2000 Server configured with PPTP will support multicast (PPTP generates virtual interface). Reference http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_RASS_scen_pptp_rc.htm for more information.

    Regards,

    J
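
The setup in this thread (a VPN client holding both a public address and a 192.*.*.* address, group 224.1.2.4, UDP port 101) can be probed with a small sender/receiver that pins the group join and the outgoing interface to one named address, so the test does not depend on which interface the operating system picks by default. This is an added example, not code from any poster in the thread; the function names, the TTL value of 8 and the command-line form are assumptions made for illustration.

```python
import socket
import sys

GROUP, PORT = "224.1.2.4", 101  # group and UDP port quoted in the thread


def is_multicast(addr: str) -> bool:
    """True when addr lies in 224.0.0.0/4 (top four bits are 1110)."""
    return socket.inet_aton(addr)[0] >> 4 == 0b1110


def build_mreq(group: str, iface_ip: str) -> bytes:
    """Pack an ip_mreq: the group address followed by the local interface address."""
    return socket.inet_aton(group) + socket.inet_aton(iface_ip)


def make_receiver(iface_ip: str, group: str = GROUP, port: int = PORT) -> socket.socket:
    """Join `group` on the interface owning iface_ip (for example the VPN address)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", port))  # ports below 1024 need elevated rights on most systems
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                 build_mreq(group, iface_ip))
    return s


def make_sender(iface_ip: str, ttl: int = 8) -> socket.socket:
    """Send multicast out of the interface owning iface_ip with an explicit TTL.

    The default multicast TTL is 1, which never crosses a router hop.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(iface_ip))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    return s


if __name__ == "__main__":
    # Hypothetical usage: probe.py recv <local-ip>   or   probe.py send <local-ip>
    mode, iface_ip = sys.argv[1], sys.argv[2]
    if mode == "recv":
        rx = make_receiver(iface_ip)
        while True:
            data, src = rx.recvfrom(2048)
            print(f"{len(data)} bytes from {src[0]} (joined on {iface_ip})")
    else:
        make_sender(iface_ip).sendto(b"multicast-probe", (GROUP, PORT))
```

Running the receiver once with the public address and once with the VPN-assigned address shows on which interface, if any, the group traffic arrives.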
