Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2513
Views
0
Helpful
3
Replies

ASA drops multicast stream packets

rodycisco
Level 1
Level 1

‎03-01-2012 02:21 AM - edited ‎03-11-2019 03:37 PM

Hi,

We set up multicast routing as advised in configuration guides.

The details:

- We use ASA 8.4(1) , enabled multicast-routing

- source is on the outside interface

- receivers are far away in the network core on the inside interface

- we use pim sparse mode

- used static rp configuration, rp is a remote switch

- we NAT the source address of the source.

Results: ASA drops multicast traffic with the following message:

%ASA-7-710005: UDP request discarded from 192.168.2.110/1193 to outside:239.255.100.1/1234

Packet tracer says:Drop-reason: (security-failed) Early security checks failed

Other information:

When we disconnect the firewall from the rest of the network and conduct isolated local tests with a receiver connected to the inside interface it works fine. But as soon as we connect and pim neighborship and mroute builds up it starts dropping packets.

The rest of the network works fine, if we put the source after the firewall (to the inside interface).

Any idea?

Thanks,

Rodion

1 person had this problem
Labels:
0 Helpful
3 Replies 3

nmogense
Level 1
Level 1

‎03-08-2012 12:50 PM

I have the same problem.

Anyone?

0 Helpful

rodycisco
Level 1
Level 1
In response to nmogense

‎03-09-2012 12:37 AM

Downgrading to 8.3.1 solved the issue.

This was definitely a software bug in 8.4.1

0 Helpful

nmogense
Level 1
Level 1
In response to rodycisco

‎03-09-2012 03:59 AM

That did it!!

I really appreciate your help.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card