How to broadcast across an IPsec VPN?

I need one network device to broadcast across the VPN.

Device IP Address: 192.168.88.88
Network: Windows 2008 domain LAN network, 192.168.88.x
router: Fortigate 51E
VPN: IP Sec, connected
VPN destination network: 192.168.110.x

The 192.168.88.88 device needs to send a SIP broadcast (224.0.1.75) to servers on the other end of the VPN, so we want the broadcast to cross the VPN and arrive at a server whose IP address is 192.168.110.110.

I created a firewall policy to allow 192.168.88.88 to reach all the 192.168.110.x addresses, but it seems not to be enough.

Thanks for any suggestion.
Snowy Canada, Network Administrator, asked:

noci, Software Engineer, commented:
A few remarks:
Broadcast is defined as: all systems on the current network segment, which excludes everything beyond a router (any router).
The address you mention isn't broadcast, but multicast. A system has to ask to receive multicast (subscription model).

You need IGMP enabled for that (and possibly IGMP snooping on switches to actually convert a multicast to broadcast on relevant segments).
Adding routes to areas you want to reach with multicast is like adding 224.0.0.0/240.0.0.0 routes on equipment that uses it.

IPsec requires that you ALSO create a separate tunnel for this kind of traffic, as it is filtered if the endpoints have non-matching IP ranges.
Multicast traffic always is UDP btw.

JustInCase commented:
The 224.0.1.75 destination is multicast, as noci already wrote.
A few points:
- An IPsec tunnel does not support multicast traffic by itself
- GRE via IPsec supports multicast traffic
- If the multicast sender and receiver are not located in the same subnet, multicast routing needs to be configured.

So, if you are not using L2TPv3, you will need to configure the following:
Create a GRE tunnel, forward GRE traffic into the IPsec tunnel, and you will also need to build multicast IP routing for the full traffic path.
IGMP snooping mentioned above is just related to switch infrastructure, typically for the last hop, from the VLAN SVI to the multicast receiver, but IGMP snooping does not convert multicast to broadcast. Actually, the function of IGMP snooping is to prevent multicast from acting like broadcast (if IGMP snooping is not configured on the switch, multicast traffic is treated as broadcast).

There could be some other solutions too, but I am not aware of your network devices and protocols that are supported on those devices.
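
A way to test whether multicast actually crosses the tunnel after the changes suggested in the answers above, as an added example that is not part of the thread: the receiver joins the group (the subscription noci describes) and the sender raises the multicast TTL, because the default of 1 is dropped at the first router. Port 5060, the /24 mask and all function names are assumptions.

```python
# Added example (not from the thread): multicast path probe for the question's setup.
import ipaddress
import socket
import sys

GROUP = "224.0.1.75"            # group address from the question
PORT = 5060                     # assumption: standard SIP port
LOCAL_NET = "192.168.88.0/24"   # sender LAN from the question, /24 mask assumed


def classify(dest, local_net=LOCAL_NET):
    """Say how routers treat a destination: broadcast, multicast or unicast."""
    addr = ipaddress.ip_address(dest)
    net = ipaddress.ip_network(local_net)
    if addr.is_multicast:
        # 224.0.0.0/24 is link-local and never forwarded; other groups are
        # routable, but only where multicast routing is configured.
        local_only = addr in ipaddress.ip_network("224.0.0.0/24")
        return "multicast-link-local" if local_only else "multicast-routable"
    if addr in (ipaddress.ip_address("255.255.255.255"), net.broadcast_address):
        return "broadcast"      # stops at the first router
    return "unicast"


def membership_request(group, iface="0.0.0.0"):
    """Pack struct ip_mreq: group address, then the local interface address."""
    return socket.inet_aton(group) + socket.inet_aton(iface)


def receive_one(group=GROUP, port=PORT, timeout=30.0):
    """Join the group (the host sends an IGMP report) and wait for one datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("", port))
        s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, membership_request(group))
        s.settimeout(timeout)
        data, src = s.recvfrom(2048)    # a timeout here means no probe arrived
        return src[0], data


def send_probe(group=GROUP, port=PORT, ttl=8):
    """Send one probe; the default multicast TTL of 1 would die at the first router."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        return s.sendto(b"multicast-path-probe", (group, port))


if __name__ == "__main__":
    print(send_probe() if sys.argv[1:] == ["send"] else receive_one())
```

Run it with no argument on 192.168.110.110 first, then with `send` on a host in 192.168.88.x; a timeout on the receiver means the probe did not cross the tunnel.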
Snowy Canada, Network Administrator (author), commented:
Thanks for the suggestion. I need to work with the branch office to test the VPN and will update you.
Snowy Canada, Network Administrator (author), commented:
Thank you so much for the suggestion.