IGMP Multicast with VTI Tunnel

Options
piero
piero Posts: 2 image  Freshman Member
First Comment
edited April 2021 in Security
Hi, i've to connect two Zywall USG60 by the public network with VTI VPN Tunnel. I set correctly the tunnel and the connection between to system is ok but when i try to start multicast sender from one pc, on the other pc i don't receive anything. I tried to set IGMP Support both for VTI interface and Ethernet Interface with all possible combination but whitout good results.
Could you help me to find right solution to problem?
Thanks a lot
Bye

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,436 image  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Eighth Anniversary

    Hi @piero

    Welcome to Zyxel community. :)

    Here is topology:

    Multicast Server(192.168.1.X)-------USG60#1=====[VPN]=====USG60#2------Client(192.168.10.X)

    Please go to make sure your configuration first.

    On USG60#1:

    LAN interface: IGMP setting is upstream.


    VTI interface: IGMP setting is downstream


    Create policy router for IGMP traffic is able pass into VIT interface.

    e.g. Destination IP: multicast group IP, NextHop: VTI interface.


    On USG60#2:

    LAN interface: IGMP setting is downstream.


    VTI interface: IGMP setting is upstream


  • piero
    piero Posts: 2 image  Freshman Member
    First Comment
    Hi and thanks for your info.
    I already made this configuration but without any good results.
    On the USG connected to multicast server i see IGMP status correctly

    But on the other USG the same tab is empty.
    Do i have to create a policy route also on the USG#2?
    Because sniffing packets on the USG#2 i see Membership query from 192.168.11.1 (IP address of USG#2) and after Membership report group from 192.168.11.55 (Client PC) to 239.0.0.1 (igmp ip class of multicast server) but this response doesn't reach multicast server.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,436 image  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Eighth Anniversary

    Hi @piero  

    In my environment additional policy route rule is unnecessary.

    And it is working without problem.

    On USG#1


    On USG#2


    I will send you private message for check this issue more details.

  • GuillermoBartolome
    GuillermoBartolome Posts: 1 image  Freshman Member
    First Comment 
    I have had the same problem with the same network topology.
I get unicast routing but not multicast.
What is the solution?.
Thanks and good week.
  • Zyxel_Can
    Zyxel_Can Posts: 342 image  Zyxel Employee
    25 Answers First Comment Friend Collector

    Hi @ GuillermoBartolome,

     

    Can you share some information with us;

     

    1-    Did you configure as above ? In your case you need to create VTI interfaces with IGMP Downstream.

    2-    For multicast routing, you need to create a range address object as in the following screenshot;

    (reference URL: https://en.wikipedia.org/wiki/Multicast_address)

     


    3-    Then, you need to create policy routes for 2 side. For that please set VTI interface as next hop.

     

    Best regards.


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)