Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN

Description
This article describes the configuration steps to successfully transmit broadcast streaming over an IPsec VPN between two FortiGates.

The high-level diagram in the original article (not reproduced in this text version) shows the two FortiGates, site A and site B, connected by a site-to-site IPsec tunnel over which the broadcast stream is carried.

Solution
Here is the step-by-step guide for site A.

- Establish an IPsec VPN tunnel between both FortiGates. It is important to add the broadcast address 255.255.255.255 as a destination inside the phase2 selectors, because the regular 192.168.10.0/24 selector does not cover it:

# config vpn ipsec phase1-interface
    edit "VPN-siteA"
        set interface "port1"
        set proposal aes256-sha1
        set dhgrp 5
        set remote-gw 10.108.16.52
    next
end

# config vpn ipsec phase2-interface
    edit "VPN-siteA-0"
        set phase1name "VPN-siteA"
        set proposal aes256-sha1
        set dhgrp 5
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
    edit "VPN-siteA-Broadcast"
        set phase1name "VPN-siteA"
        set proposal aes256-sha1
        set dhgrp 5
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 255.255.255.255 255.255.255.255
    next
end

- Configure Firewall Policies to allow multicast traffic through the IPsec tunnel:
# config firewall policy
    edit 2
        set uuid 3f41d4ec-1b11-51e5-59e1-89ff338a8b48
        set srcintf "port2"
        set dstintf "VPN-siteA"
        set srcaddr "10.10.1.0/24"
        set dstaddr "192.168.10.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 3
        set uuid 4ecffd80-1b11-51e5-f9dc-b4973fcba126
        set srcintf "VPN-siteA"
        set dstintf "port2"
        set srcaddr "192.168.10.0/24"
        set dstaddr "10.10.1.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

- Add the needed static routes:
# config router static
    edit 1
        set gateway 10.108.19.254
        set device "port1"
    next
    edit 2
        set dst 192.168.10.0 255.255.255.0
        set device "VPN-siteA"
    next
end
- "Broadcast-forward" should be enabled on the interfaces:
# config system interface
    edit VPN-siteA
        set vdom "root"
        set broadcast-forward enable
        set type tunnel
        set snmp-index 12
        set interface "port1"
    next
    edit "port2"
        set vdom "root"
        set ip 10.10.1.1 255.255.255.0
        set broadcast-forward enable
        set type physical
        set snmp-index 2
    next
end

- Configure Broadcast firewall address & policy:
# config firewall multicast-address
    edit "Broadcast"
        set type broadcastmask
        set subnet 255.255.255.255 255.255.255.255
    next
end
# config firewall multicast-policy
    edit 1
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "Broadcast"
    next
end
The same steps should be followed on site B, with source and destination mirrored:

- IPsec VPN configuration:

# config vpn ipsec phase1-interface
    edit "VPN-siteB"
        set interface "port1"
        set proposal aes256-sha1
        set dhgrp 5
        set remote-gw 10.108.16.137
    next
end
# config vpn ipsec phase2-interface
    edit "VPN-siteB-0"
        set phase1name "VPN-siteB"
        set proposal aes256-sha1
        set dhgrp 5
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.10.1.0 255.255.255.0
    next
    edit "VPN-siteB-Broadcast"
        set phase1name "VPN-siteB"
        set proposal aes256-sha1
        set dhgrp 5
        set src-subnet 255.255.255.255 255.255.255.255
        set dst-subnet 10.10.1.0 255.255.255.0
    next
end
- Firewall Policies:
# config firewall policy
    edit 16
        set uuid d16f4a8a-1b10-51e5-3008-a5f532b77f5c
        set srcintf "VPN-siteB"
        set dstintf "port3"
        set srcaddr "10.10.1.0/24"
        set dstaddr "192.168.10.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 17
        set uuid f4186fa8-1b10-51e5-3a14-f0414fd58617
        set srcintf "port3"
        set dstintf "VPN-siteB"
        set srcaddr "192.168.10.0/24"
        set dstaddr "10.10.1.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
- Static routing:
# config router static
    edit 1
        set gateway 10.108.16.137
        set device "port1"
    next
    edit 2
        set dst 10.10.1.0 255.255.255.0
        set device "VPN-siteB"
    next
end
- "Broadcast-forward" should be enabled on the interfaces:
# config system interface
    edit VPN-siteB
        set vdom "root"
        set broadcast-forward enable
        set type tunnel
        set snmp-index 12
        set interface "port1"
    next
    edit "port2"
        set vdom "root"
        set ip 192.168.10.1 255.255.255.0
        set broadcast-forward enable
        set type physical
        set snmp-index 2
    next
end

- Configure Broadcast firewall address & policy:
# config firewall multicast-address
    edit "Broadcast"
        set type broadcastmask
        set subnet 255.255.255.255 255.255.255.255
end

# config firewall multicast-policy
    edit 1
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "Broadcast"
    next
end
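As an added check, not code from the article or from Fortinet: the script below parses the phase2 selector text shown above for both sites (embedded as a constructed sample), verifies that site B's selectors are the mirror image of site A's (mismatched selectors are a common cause of phase2 negotiation failures), and reports which selector a given packet would be carried in. The 239.1.1.1 sample generalizes the point of the article: the 255.255.255.255/32 selector covers only the limited broadcast, so a multicast group would need a selector of its own. Sample packets and the `match_selector`/`mirrored` helper names are this example's own.

```python
"""Check FortiGate IPsec phase2 selectors for a broadcast-over-IPsec setup.

Added example (not Fortinet's code). It parses phase2-interface CLI text,
checks that the remote site's selectors mirror the local ones, and tests
which selector a packet would match.
"""
import ipaddress
import re

# Constructed sample: the site A and site B phase2 selectors from the article.
SITE_A_PHASE2 = """
config vpn ipsec phase2-interface
    edit "VPN-siteA-0"
        set phase1name "VPN-siteA"
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
    edit "VPN-siteA-Broadcast"
        set phase1name "VPN-siteA"
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 255.255.255.255 255.255.255.255
    next
end
"""

SITE_B_PHASE2 = """
config vpn ipsec phase2-interface
    edit "VPN-siteB-0"
        set phase1name "VPN-siteB"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.10.1.0 255.255.255.0
    next
    edit "VPN-siteB-Broadcast"
        set phase1name "VPN-siteB"
        set src-subnet 255.255.255.255 255.255.255.255
        set dst-subnet 10.10.1.0 255.255.255.0
    next
end
"""

_EDIT = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
_SUBNET = re.compile(r'^\s*set\s+(src|dst)-subnet\s+(\S+)\s+(\S+)\s*$')
_ANY = ipaddress.IPv4Network("0.0.0.0/0")  # FortiGate default when a subnet is not set


def parse_phase2(text):
    """Return {selector_name: (src_network, dst_network)} from FortiGate CLI text."""
    selectors = {}
    name = None
    pending = {}
    for line in text.splitlines():
        m = _EDIT.match(line)
        if m:
            name = m.group(1)
            pending = {}
            continue
        m = _SUBNET.match(line)
        if m and name:
            # FortiGate writes "address netmask"; ipaddress accepts that pair as a tuple.
            pending[m.group(1)] = ipaddress.IPv4Network((m.group(2), m.group(3)), strict=False)
        if line.strip() == "next" and name:
            selectors[name] = (pending.get("src", _ANY), pending.get("dst", _ANY))
            name = None
    return selectors


def match_selector(selectors, src, dst):
    """Return the first selector whose src/dst networks both cover the packet, or None."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for name, (src_net, dst_net) in selectors.items():
        if s in src_net and d in dst_net:
            return name
    return None


def mirrored(local, remote):
    """True if every local (src, dst) selector has a remote (dst, src) counterpart.

    Both IPsec peers must agree on the traffic selectors, so the remote site's
    selectors have to be the local ones with source and destination swapped.
    """
    remote_pairs = {(d, s) for s, d in remote.values()}
    return all((s, d) in remote_pairs for s, d in local.values())


def demo():
    """Run the checks on the constructed site A / site B configuration."""
    site_a = parse_phase2(SITE_A_PHASE2)
    site_b = parse_phase2(SITE_B_PHASE2)
    return {
        "mirrored": mirrored(site_a, site_b),
        "unicast": match_selector(site_a, "10.10.1.5", "192.168.10.20"),
        "broadcast": match_selector(site_a, "10.10.1.5", "255.255.255.255"),
        # A multicast group is in neither 192.168.10.0/24 nor 255.255.255.255/32,
        # so no selector carries it; it would need its own phase2 entry.
        "multicast": match_selector(site_a, "10.10.1.5", "239.1.1.1"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

If site B were missing the "Broadcast" selector, `mirrored` returns False, which is the mismatch that shows up in practice as the broadcast phase2 failing to come up while the unicast phase2 works.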

What type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

Generic Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate various network-layer protocols. Because it carries whole IP packets regardless of their destination address, a GRE site-to-site tunnel supports multicast and broadcast network traffic.

Which type of VPN has both Layer 2 and Layer 3?

MPLS is often called a provider-provisioned VPN and can support both Layer 3 and Layer 2 VPNs over an IP backbone. This article focuses on the Layer 3 VPNs. Layer 3 MPLS VPNs are based on RFC 2547 and 2547bis.