Can vMX or MX firewall (mx68) support multicasting over the VPN

Air-Marshal
Comes here often

Can vMX or MX firewall (mx68) support multicasting over the VPN

Hi Team,

 

Would like to inform you that we have Meraki hub and spoke auto VPN network setup configured, from hub side we are using vMXs and from spoke side we are using MX68 appliances, generally data that travers over the VPN is related to video streaming, (in unicast mode) and we want to send this type of data (in multicast mode), can you please help or share the configuration guide, so that we can enable multicast traffic over the meraki auto-VPN, thanks

 

Thanks & Regards,

Devendra Singh Chauhan

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Multicast_support

 

IGMP Support on the Cisco Meraki Security Appliance

MX Security Appliances will forward IGMP traffic for a single broadcast domain. It does not forward multicast traffic upstream, between VLANs, or over a VPN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Air-Marshal
Comes here often

 Hi Alemabrahao, thanks for sharing the document regarding IGMP, so is that mean Meraki Security appliances not forwards the multicast traffic over the VPN, correct.

 

Do you have any suggestion, what type solution or what kind of appliances we can use to forward the multicast traffic over the VPN, please help on it, thanks.

alemabrahao
Kind of a big deal
Kind of a big deal

If you have another external device that can do multicast routing, you could create a GRE tunnel between two endpoints via AutoVPN tunnel. This can be an L2 or L3 GRE depending on how you want to do it. Unfortunately, Meraki does not support GRE.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Air-Marshal
Comes here often

Thanks for your quick reply, I will take your comment as a reference for further action, thanks. 

Lexico
Comes here often

Hi 

 

This is a topic I’ve come across before, and whilst the VPN does not support multicast natively there is a bit of a workaround. It’s possible to configure the remote device, so that one of the wireless SSIDs is remote tunnelled via GRE to the head end appliance. This is kind of a wireless concentrator set up rather than multicast, but it should support the same features as if that wireless SSID is local to the hub device.

 

I’ll be honest, It’s still on my list to configure and test, but I can see it is there in the GUI so a bit of testing is required.

 

It’s a bit of a corner case, so consider carefully if you want put this in a production network as Support might be limited. 

Get notified when there are additional replies to this discussion.