53-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter5 3 Configuring Multicast Policies on Firewall Devices
Configuring PIM
Configuring PIM
Protocol independent multicast (PIM) provides a scalable method for determining the best paths in a
network for distributing a specific multicast transmission to each host that has registered using IGMP to
receive the transmission. Routers and security devices use PIM to maintain tables for forwarding
multicast datagrams.
With PIM sparse mode (PIM SM), which is the default for Cisco routers, when the source of a multicast
transmission begins broadcasting, the traffic is forwarded from one multicast router to the next until the
packets reach every registered host. If a more direct path to the traffic source exists, the last-hop router
sends a join message to the source that causes the traffic to be rerouted along the better path.
Note PIM is not supported with PAT—the PIM protocol does not use ports and PAT only works with protocols
that use ports.
When you enable multicast routing on a security appliance, PIM and IGMP are enabled on all interfaces
by default. You can disable PIM on a per-interface basis.
The PIM page provides up to six tabbed panels:
PIM Page - Protocol Tab, page53-11 – Lets you manage interface-specific PIM properties.
PIM Page - Neighbor Filter Tab, page 53-12 – Lets you manage neighbor filters for individual
interfaces; available only on ASA 7.2(1)+ devices.
PIM Page - Bidirectional Neighbor Filter Tab, page53-13 – Lets you manage bidirectional neighbor
filters for individual interfaces; available only on ASA 7.2(1)+ devices.
PIM Page - Rendezvous Points Tab, page53-15 – When you configure PIM, you must choose one
or more devices to operate as the rendezvous point (RP). An RP is a single, common root of a shared
distribution tree and is statically configured on each device. First-hop routers use the RP to send
registration packets on behalf of the source multicast hosts.
PIM Page - Route Tree Tab, page53-17 – By default, PIM leaf routers join the shortest-path tree
immediately after the first packet arrives from a new source. This reduces delay, but requires more
memory than shared tree. You can configure whether the security appliance should join shortest-path
tree, or use a shared tree, either for all multicast groups or only for specific multicast addresses.
PIM Page - Request Filter Tab, page53-18 – When the security appliance is acting as an RP, you
can restrict specific multicast sources from registering. This prevents unauthorized sources from
registering with the RP. The Request Filter panel lets you define the multicast sources from which
the security appliance will accept PIM registration messages.

PIM Page - Protocol Tab

Use the Protocol tab to configure PIM properties for the interfaces on a security appliance (not available
on PIX 6.3 devices). All currently configured interfaces are listed; you can add, edit and delete entries
on this panel.
Refer to Add/Edit PIM Protocol Dialog Box, page 53-12 for a description of the fields on this panel.
Navigation Path
You access the Protocol tab from the PIM page. For more information, see Configuring PIM, page53-11.