>> Необходимо настроить multicast между DMZ-сервером 192.168.168.50 и группой внутренних
>> серверов.
>> Так, чтобы 192.168.168.50 выступал в роли сервера (224.0.1.105:23364).
>> . . .
>> access-group INSIDE_IN in interface INSIDE
>> access-group DMZ_IN in interface DMZ
>> access-group OUTSIDE_IN in interface OUTSIDE
>> . .
> Такое есть в листе DMZ_IN ?
> access-list DMZ_IN extended permit udp any 224.0.1.0 255.255.255.0

Да, есть. Возможно проблема не в асе. Упростил задачу. Перенес источник в локалку. Имеем источник 192,168,197,69 который вещает на 224,0,1,169. Между источником и клиентом стоит два роутера. С2911 и Catalyst 6506. Конфиги:

Inet_2911#
ip multicast-routing

interface GigabitEthernet0/0
description LAN
ip address 192.168.200.100 255.255.255.0
ip pim sparse-mode
ip nat inside
ip virtual-reassembly in
load-interval 30
!
interface GigabitEthernet0/2
description 2InetASA
ip address 192.168.197.100 255.255.255.0
ip access-group 121 in
ip pim sparse-mode
ip nat outside
ip virtual-reassembly in

ip pim rp-address 192.168.200.100 MultiCast override

ip access-list standard MultiCast
permit 224.0.1.169

---
На 6506:

Core6506-1#sh run int vlan 200

interface Vlan200
description new_link_to_internet
ip address 192.168.200.1 255.255.255.0
ip pim sparse-mode
ip flow ingress
end

Core6506-1#sh run int vlan 20

interface Vlan20
ip address 192.168.4.1 255.255.255.0
ip pim sparse-mode
ip flow ingress
end

В результате следующая картина:
На 2911:

Inet_2911#sh access-lists 121 | in 192.168.197.69
    110 permit udp host 192.168.197.69 host 224.0.1.169 eq 1234 (8011079 matches)
    120 permit igmp host 192.168.197.69 host 224.0.1.169
    130 permit igmp host 192.168.197.69 host 239.255.255.250 (3053 matches)
    140 permit ip host 192.168.197.69 any log (1759 matches)
Inet_2911#
Inet_2911#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.255.255.250), 2d02h/00:02:10, RP 0.0.0.0, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet0/2, Forward/Sparse, 2d02h/00:02:10

(*, 224.0.1.40), 2d03h/00:02:30, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet0/0, Forward/Sparse, 2d03h/00:02:30
    GigabitEthernet0/2, Forward/Sparse, 2d03h/00:02:10

(*, 224.0.1.169), 02:20:33/stopped, RP 192.168.200.100, flags: SP
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(192.168.197.69, 224.0.1.169), 02:20:33/00:02:16, flags: PT
  Incoming interface: GigabitEthernet0/2, RPF nbr 0.0.0.0
  Outgoing interface list: Null

Inet_2911#
Inet_2911#sh ip igmp group
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
239.255.255.250  GigabitEthernet0/2       2d02h     00:02:51  192.168.197.69  
224.0.1.40       GigabitEthernet0/0       2d20h     00:02:17  192.168.200.1  
224.0.1.40       GigabitEthernet0/2       2d21h     00:02:50  192.168.197.100

На 6506:

Core6506-1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 230.230.230.230), 04:14:44/00:02:38, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan20, Forward/Sparse, 04:14:44/00:02:38

(*, 239.255.255.253), 2d21h/stopped, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan200, Forward/Sparse, 2d21h/00:00:00
    Vlan20, Forward/Sparse, 2d21h/00:02:40

(192.168.4.241, 239.255.255.253), 00:04:35/00:00:38, flags: PT
  Incoming interface: Vlan20, RPF nbr 0.0.0.0, RPF-MFD
  Outgoing interface list: Null

(*, 239.255.255.250), 2d21h/00:02:33, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan200, Forward/Sparse, 2d21h/00:00:00
    Vlan20, Forward/Sparse, 2d21h/00:02:33

(*, 224.0.1.60), 2d21h/00:02:33, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan200, Forward/Sparse, 2d21h/00:00:00
    Vlan20, Forward/Sparse, 2d21h/00:02:33

(*, 224.0.1.40), 2d21h/00:02:40, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan200, Forward/Sparse, 2d21h/00:00:00

(*, 224.0.1.127), 2d21h/00:02:36, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan200, Forward/Sparse, 2d21h/00:00:00
    Vlan20, Forward/Sparse, 2d21h/00:02:36

(*, 224.0.1.169), 2d21h/00:02:39, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan20, Forward/Sparse, 2d21h/00:02:39
    Vlan200, Forward/Sparse, 2d21h/00:00:00

Core6506-1#
Core6506-1#sh ip igmp group
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
230.230.230.230  Vlan20                   04:14:59  00:02:23  192.168.4.38    
239.255.255.253  Vlan20                   2d21h     00:02:25  192.168.4.241  
239.255.255.250  Vlan20                   2d21h     00:02:18  192.168.4.200  
224.0.1.60       Vlan20                   2d21h     00:02:18  192.168.4.75    
224.0.1.40       Vlan200                  2d21h     00:02:25  192.168.200.1  
224.0.1.127      Vlan20                   2d21h     00:02:21  192.168.4.241  
224.0.1.169      Vlan20                   2d21h     00:02:24  192.168.4.27    

Не могу ничего понять.
1. Должен ли я увидеть на 2911 группу 224.0.1.169? Если да, то почему не вижу?
2. По нетфлоу вижу на интерфейс G0/2 приходит udp host 192.168.197.69 host 224.0.1.169 eq 1234, а на G0/0 не вижу чтобы он уходил на 6506. Что-то с маршрутизацией?