Contents

Related Topics

Broadcast Routing Through a BOVPN Tunnel

This example shows how to configure the BOVPN tunnel to enable broadcast routing from a device at Site A to the IP addresses on the trusted network at Site B.

For this example, we assume the BOVPN tunnel has already been created between the two devices.

For more information about the helper addresses used for broadcast routing, see Enable Broadcast Routing Through a Branch Office VPN Tunnel

Example Settings

These settings correspond to the settings shown in the screen shots used throughout this example.

SITE A (Firebox with Fireware v11.x) 

Trusted network IP address: 10.0.50.0/24

Existing tunnel: Tunnel_to_SiteB

Existing tunnel route: 10.0.50.0/24 <==> 192.168.100.0/24

SITE B (Firebox with Fireware v11.x)

Trusted network IP address: 192.168.100.0/24

Existing tunnel: Tunnel_to_SiteA

Existing tunnel route: 192.168.100.0/24 <==> 10.0.50.0/24

Broadcast device at Site A

Network IP address: 10.0.50.3

Configure Broadcast Routing for the BOVPN Tunnel at Site A

First you must enable broadcast routing and configure the helper addresses for the BOVPN tunnel on the Site A device.

If you enable broadcast or multicast routing in more than one BOVPN tunnel, make sure that you use a different pair of helper IP addresses for each tunnel.

Configure Broadcast Routing for the BOVPN Tunnel at Site B

First you must enable broadcast routing and configure the opposite helper addresses for the BOVPN tunnel on the Site B device.

Broadcasts Routed Through the Tunnel

The BOVPN tunnel configured described in this example routes these broadcasts:

10.0.50.x/24 -> 192.168.100.255 (destination is the directed broadcast address of the remote network)

10.0.50.x/24 -> 255.255.255.255

192.168.100.x/24 -> 10.0.50.255 (destination is the directed broadcast address of the remote network)

192.168.100.x/24 -> 255.255.255.255

The BOVPN tunnel does not route these broadcasts:

0.0.0.0 -> 255.255.255.255 (dhcp/bootp broadcast)

10.0.50.x/24 -> 10.0.50.255 (netbios broadcast: not the directed broadcast address of the remote network)

192.168.100.x/24 -> 192.168.100.255 (netbios broadcast: not the directed broadcast address of the remote network)

203.0.113.x/24 -> 10.0.50.255 (source IP address does not match the local network)

198.51.100.x/24 -> 192.168.100.255 (source IP address does not match the local network)

Give Us Feedback     Get Support     All Product Documentation     Technical Search