SMR Agreement with Clients
on a Less Secure Interface
This case is simpler. All you charge to do is accredit multicast processing on both
interfaces and actualize changeless multicast routes for casual cartage amid the clients
and the servers (and routers). Multicast processing is enabled with:
PIX1(config)# multicast interface outside
PIX1(config-multicast)# exit
PIX1(config)# multicast interface inside
Multicast avenue are created application the mroute command (which is not a subcommand
of the multicast command):
mroute
The src and srcmask ambit are the IP abode and subnet affectation of a multicast
source host/router (just accustomed IP addresses, not multicast addresses.).The inif-
name constant specifies the interface affiliated to the source. dst and dstmask
www.syngress.com
Advanced PIX Configurations • Chapter 4 207
are the multicast accumulation abode and subnet affectation to which the server is sending its
transmission. Finally, out-if-name is the interface affiliated to the multicast clients.
For example:
PIX1(config)# mroute 192.168.2.25 255.255.255.255 central 224.0.1.1 255.
255.255.255 outside
Here is an archetype agreement in the case of two servers: 192.168.2.25 on
the central interface multicasting to accumulation 224.1.1.1 and 10.2.3.4 on the dmz
interface multicasting to the accumulation 230.1.1.1 and no centralized clients:
PIX1(config)# multicast interface outside
PIX1(config-multicast)# exit
PIX1(config)# multicast interface inside
PIX1(config-multicast)# exit
PIX1(config)# multicast interface dmz1
PIX1(config-multicast)# exit
PIX1(config)# mroute 192.168.2.25 255.255.255.255 central 224.1.1.1 255.
255.255.255 outside
PIX1(config)# mroute 10.2.3.4 255.255.255.255 dmz 230.1.1.1 255.255.255.
255 outside