We set up multicast routing as advised in configuration guides.
- We use ASA 8.4(1), enabled multicast-routing
- source is on the outside interface
- receivers are far away in the network core on the inside interface
- we use PIM sparse mode
- used static RP configuration, RP is a remote switch
- we NAT the source address of the source.
Results: ASA drops multicast traffic with the following message:
%ASA-7-710005: UDP request discarded from 192.168.2.110/1193 to outside:22.214.171.124/1234
Packet tracer says: Drop-reason: (security-failed) Early security checks failed
When we disconnect the firewall from the rest of the network and conduct isolated local tests with a receiver connected to the inside interface, it works fine. But as soon as we connect and the PIM neighborship and mroute build up, it starts dropping packets.
The rest of the network works fine if we put the source after the firewall (to the inside interface).