[j-nsp] Multicasting between SSG140 and cisco3825
thiyagarajan b
bn.thiyagarajan at gmail.com
Sun Sep 21 09:29:53 EDT 2014
Hi,
I have a problem running multicasting (PIM sparse mode) between Juniper
SSG140 and Cisco 3825 router using NPEG2 as PE. I am finding negotiation
between NPEG2 and 3825 router is happening but not between SSG and NPEG2, I
am attaching the config of SSG and 3825.
SIY_SSG-> get config
Total Config size 5728:
unset key protection enable
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
set protocol pim
set enable
exit
exit
unset alg sip enable
unset alg mgcp enable
unset alg sccp enable
unset alg sunrpc enable
unset alg msrpc enable
unset alg xing enable
unset alg tftp enable
unset alg talk enable
unset alg sql enable
unset alg rtsp enable
unset alg rsh enable
unset alg real enable
unset alg appleichat enable
unset alg appleichat re-assembly enable
unset alg dns enable
unset alg http enable
unset alg h323 enable
unset alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
unset zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/4" zone "Untrust"
set interface "ethernet0/4.1" tag 100 zone "Untrust"
set interface "loopback.1" zone "Trust"
set interface ethernet0/0 ip 10.0.10.1/24
set interface ethernet0/0 route
unset interface vlan1 ip
set interface ethernet0/2 ip 10.1.1.2/30
set interface ethernet0/2 route
set interface loopback.1 ip 192.168.1.1/32
set interface loopback.1 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/2 ip manageable
set interface loopback.1 ip manageable
set interface ethernet0/0 manage ident-reset
set interface ethernet0/0 manage mtrace
set interface ethernet0/2 manage ping
set interface ethernet0/2 manage ssh
set interface ethernet0/2 manage telnet
set interface ethernet0/2 manage snmp
set interface ethernet0/2 manage ssl
set interface ethernet0/2 manage web
set interface ethernet0/2 manage ident-reset
set interface ethernet0/2 manage mtrace
set interface loopback.1 manage mtrace
set interface ethernet0/0 protocol igmp router
set interface ethernet0/0 protocol igmp static-group 239.0.0.1
set interface ethernet0/0 protocol igmp no-check-subnet
set interface ethernet0/0 protocol igmp no-check-router-alert
set interface ethernet0/0 protocol igmp enable
set interface loopback.1 protocol igmp router
set interface loopback.1 protocol igmp enable
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set hostname SIY_SSG
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "Trust" "LOCAL-LAN" 10.0.10.0 255.255.255.0
set address "Trust" "mcast" 239.0.0.1 255.255.255.255
set address "Untrust" "CCIL-DADAR-LAN" 10.30.84.0 255.255.255.0
set crypto-policy
exit
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
unset alg ftp enable
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
set policy id 2
exit
set policy id 3 from "Untrust" to "Trust" "CCIL-DADAR-LAN" "LOCAL-LAN"
"ANY" pe
rmit
set policy id 3
exit
set policy id 4 from "Trust" to "Untrust" "LOCAL-LAN" "CCIL-DADAR-LAN"
"ANY" pe
rmit
set policy id 4
exit
set policy id 5 from "Untrust" to "Trust" "Any" "mcast" "ANY" permit log
set policy id 5
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set access-list 1
set access-list 1 permit ip 239.0.0.0/24 1
unset add-default-route
set route 0.0.0.0/0 interface ethernet0/2
exit
set interface ethernet0/0 protocol pim
set interface ethernet0/0 protocol pim enable
set interface ethernet0/2 protocol pim
set interface ethernet0/2 protocol pim enable
set interface loopback.1 protocol pim
set interface loopback.1 protocol pim enable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
set protocol pim
exit
exit
set multicast-group-policy from "Trust" mgroup-list 1 to "Untrust"
pim-message j
oin-prune bi-directional
ip cef
ip multicast-routing
multilink bundle-name authenticated
interface Loopback0
ip address 172.20.113.17 255.255.255.255
interface Loopback50
description Sify-Multicast-RP
ip address 172.16.1.1 255.255.255.255
ip pim sparse-mode
interface GigabitEthernet0/0
description LAN
ip address 10.30.84.23 255.255.255.0
ip pim sparse-mode
duplex full
speed 100
media-type rj45
standby 1 ip 10.30.84.25
standby 1 preempt
interface GigabitEthernet0/1
description WAN
ip address 10.50.50.2 255.255.255.252
ip pim sparse-mode
load-interval 30
duplex auto
speed auto
media-type rj45
ip forward-protocol nd
ip route 10.0.10.0 255.255.255.0 GigabitEthernet0/1 10.50.50.1
ip route 10.1.1.0 255.255.255.252 GigabitEthernet0/1 10.50.50.1
ip http server
no ip http secure-server
ip pim rp-address 172.16.1.1
ip pim bsr-candidate Loopback50 0
ip pim rp-candidate Loopback50 priority 100
Please help if there is anything that needs to be modified.
warm regards,
Thiyagarajan B.
More information about the juniper-nsp
mailing list