Cannot multicast through Cisco ASA VPN tunnel

Posted on 2007-10-03
Last Modified: 2008-01-09
I recently replaced a SonicWALL PRO 3060 with a Cisco ASA 5510, and I'm having problems with my VPN tunnels and RIP routing. My remote sites have SonicWALL TZ170s, and I could have them send RIP v2 multicasts across the VPN connections back to the PRO 3060. Now that I've replaced the 3060 with the ASA, these multicasts aren't passing through the firewall. I've read somewhere that ASAs don't pass multicasts/broadcasts through VPN tunnels, but haven't been able to find out why or if there is a work-around.

My network looks like this:

(inside network) --- --- (inside router) --- --- (Cisco ASA) --- Internet --- (remote SonicWALL TZ170) --- 192.168.x.0/24 --- (remote network)

The inside network where my ASA is located has an internal router, but the remote network has no router, just the firewall.

Some of the work-arounds I've seen involve firewalls and inside routers on both ends, but that obviously won't work in my situation.

Is there any simple way to get the ASA to accept RIP v2 multicasts (or v1 broadcasts) through the VPN?  Thanks.
Question by: 1griffith1
    LVL 79

    Accepted Solution

    If there is only one network at the remote end, why do you need dynamic routing since your ASA has to be specifically configured with the tunnel information anyway?
    You can use reverse route injection and OSPF between the ASA and the internal router to distribute the VPN tunnel routes to the inside router if that is what you need to do.

    Author Comment

    RRI looks like what I'm looking for.  Never used it before, but it's doing what I want in a test environment.

    One other thing... do you know if a Cisco PIX 506e can also do RRI?  
    LVL 79

    Expert Comment

    Unfortunately, the 506 cannot do RRI. This is a feature that Cisco put into the ASA/PIX 7.x in their attempt to combine the best of the VPN3000 concentrator and the PIX FW. Glad it's working in the lab.
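
The RRI-plus-OSPF arrangement from the accepted solution, as an added ASA configuration example that is not part of the original thread. All names and addresses are assumptions: the crypto map `outside_map` entry 10 stands for an already working tunnel to one remote site, 192.168.50.0/24 is a constructed stand-in for that site's 192.168.x.0/24 network, 10.1.1.0/24 is a constructed ASA-to-inside-router segment on `Ethernet0/1`, and `RRI_NETS`, `RRI_ONLY` and the key placeholder are hypothetical.

```cisco
! Added example; every name and address below is constructed for illustration.

! 1. Reverse route injection on the existing tunnel entry: the ASA
!    installs a static route for the remote network protected by this
!    crypto map entry.
crypto map outside_map 10 set reverse-route

! 2. Restrict what may be redistributed to the known VPN networks, so
!    other static routes on the ASA (for example the default route to
!    the Internet) are not advertised to the inside.
access-list RRI_NETS standard permit 192.168.50.0 255.255.255.0
route-map RRI_ONLY permit 10
 match ip address RRI_NETS

! 3. OSPF toward the inside router only, redistributing the filtered
!    static routes. No network statement covers the outside interface,
!    so OSPF is never spoken toward the Internet.
router ospf 1
 network 10.1.1.0 255.255.255.0 area 0
 redistribute static subnets route-map RRI_ONLY

! 4. Authenticate the OSPF adjacency on the inside interface so that
!    only the intended router can exchange routes with the firewall.
interface Ethernet0/1
 ospf authentication message-digest
 ospf message-digest-key 1 md5 <shared-key-placeholder>

! Check on the ASA with: show route, show ospf neighbor
```

The inside router needs the matching OSPF area and message-digest key on its interface facing the ASA; its routing table should then show the remote network as an OSPF external route.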

