Multicast Routing Through a BOVPN Tunnel

In this example we use Fireware XTM Web UI to configure the BOVPN tunnel to enable multicast routing from a device at Site A to the trusted network at Site B. The multicast sender determines the multicast group IP address to send to. Listener applications can then join the multicast group to receive traffic sent to that multicast group IP address.

For the example, we assume the BOVPN tunnel has already been created, as described in WatchGuard VPN Interoperability Fireware XTM to Fireware XTM .

Example Settings

These settings correspond to the settings shown in the screen shots used throughout this example.

SITE A (XTM device with Fireware XTM 11.x) 

Trusted network IP address: 10.0.50.0/24

Existing tunnel: Tunnel_to_SiteB

Existing tunnel route: 10.0.50.0/24 <==> 192.168.100.0/24

SITE B (XTM device with Fireware XTM 11.x)

Trusted network IP address: 192.168.100.0/24

Existing tunnel: Tunnel_to_SiteA

Existing tunnel route: 192.168.100.0/24 <==> 10.0.50.0/24

Multicast device at Site A

Multicast device network IP address: 10.0.50.3

Multicast group IP address: 232.43.211.234

Configure Multicast Routing for the BOVPN Tunnel at Site A

  1. Select VPN > Branch Office VPN.
  1. Select Tunnel_to_SiteB. Click Edit.
    The Edit Tunnel dialog box appears.
  2. Select the Multicast Settings tab.

Screen shot of the Tunnel settings page - Multicast tab - Site A

  1. Select the Enable multicast routing over the tunnel check box.
  2. In the Origination IP text box, type the IP address of the originator of the traffic.
    For this example, type 10.0.50.3.
  3. In the Group IP text box, type the multicast IP address to receive the traffic.
    For this example, type 232.43.211.234.
  4. Select Enable device to send multicast traffic.
  5. From the Input Interface drop-down list, select the interface from which the multicast traffic originates.
    For this example, the input interface is set to 1 (Trusted).
  6. Select the Addresses tab.
    The Helper Addresses settings appear at the bottom of the Addresses tab.

Screen shot of the Tunnel settings page - Addresses tab - Site A

  1. In the Helper Addresses, section, type IP addresses for each end of the multicast tunnel. Use any two unused IP addresses, one for the local network and one for the remote network. You can set Local IP and Remote IP to any unused IP addresses. We recommend you use private IP addresses that are not used on any local network or on any remote network the XTM device connects to.
    For this example:

For more information about helper IP addresses, see Enable Multicast Routing Through a Branch Office VPN Tunnel.

  1. Save the configuration to the XTM device.

If you enable broadcast or multicast routing in more than one BOVPN tunnel, make sure that you use a different pair of helper IP addresses for each tunnel.

Configure Multicast Routing for the BOVPN Tunnel at Site B

  1. Select VPN > Branch Office VPN.
  1. Select Tunnel_to_SiteA. Click Edit.

    The Edit Tunnel dialog box appears.
  2. Select the Multicast Settings tab.

Screen shot of the Tunnel settings page, Multicast tab - Site B

  1. Select the Enable multicast routing over the tunnel check box.
  2. In the Origination IP field, type the IP address of the originator of the traffic.

    For this example, type 10.0.50.3.
  3. In the Group IP text box, type the multicast IP address to receive the traffic.
    For this example, type 232.43.211.234.
  4. Select Enable device to receive multicast traffic.
  5. In the Output Interface list, select each interface to receive the multicast traffic.
    For this example, select the check box for 1 (Trusted).
  6. Select the Addresses tab.
    The Helper Addresses settings appear at the bottom of the Addresses tab.

Screen shot of the Tunnel settings page - Addresses tab - Site B

  1. In the Helper Addresses, section type IP addresses for each end of the multicast tunnel. These must be the same addresses you entered for the tunnel configuration in Site A, except that the order is reversed.
    For this example:
  1. Save the configuration to the XTM device.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base