02-27-2023 10:26 AM
My problem is traffic broadcast from 2 Microsoft Windows PCs, one connected to port 1/2 and another connected to port 1/4.
The Windows application communicates using these IPs, 224.0.0.22 (IGMPv3) and 225.0.3.15:5602 (UDP), and these packets do not pass between these 2 inside interfaces.
How do I get these packets traversing between the 2 inside ports? I don't need to go outside the firewall, just between these 2 interfaces. Thanks.
ASA 1010 ver 9.19.1,
Multicast-routing
Same-security-traffic permit inter-interface
Same-security-traffic permit intra-interface
Ethernet1/1
no switchport
nameif outside
security level 50
ipaddress 10.0.100.153
Ethernet1/2
no switchport
bridge-group 1
nameif inside_port2
security level 100
Ethernet1/4
no switchport
bridge-group 1
nameif inside_port4
security level 100
02-27-2023 03:02 PM
How about configuring on the interface as in the example below:
02-27-2023 03:23 PM
Can I see the whole ASA config?
03-01-2023 06:44 AM
Thanks for the reply,
The ASA config: I'm trying to get it over to you sanitized, from a high secured network over to the low side, aka the internet.
More background; if not, I'll try to get the config over to you.
I used the 5506-A and moved to the 1010. Both are being used as a static NAT tool, nothing more; very underutilized. I need to take 25 IPs, 10.10.10.141..., and NAT them to 167.0.1.141..., as an example.
The way the 5506-A is configured, inside IPs are NATed using OBJECTs to the outside. I realized now the 5506-A is set up as a switchport, which is why the 2 Windows computers can communicate over 2 ports, i.e. 1/2 and 1/4. Multicast, SMB2 protocols, IPs 225.0.3.15:5602 and 224.0.0.22. I have 2 separate Cisco routers/switches that are connected to the ASA. This all works.
On the 1010 it does not, using the same network connections.
I started with the overall no switchport setup on Ethernet 1/1, 1/2, 1/4.
With the correct setup using no switchport I should be able to get the 2 Windows machines talking over the 1/2 and 1/4 ports. If not, then I'll start with a switchport setup on 1/2, 1/4....
no switchport setup
Outside 1/1 Inside 1/2 bridge-group 1, 1/4 bridge-group 1
no switchport,
multicast-routing
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list INSIDE_IGMP extended permit igmp any any
tried all kinds of access-list group-policy rules
examples
access-list INSIDE_IGMP_2_4 extended permit igmp interface inside_port2 interface inside_port4
access-list MULTICAST_224_225 standard permit any4
group-policy INSIDE_IGMP_2_4 internal
group-policy INSIDE_224_225 internal
Any thoughts? Thanks, Cal
I'm not concerned about multicast 224 and 225 IPs going through the firewall, only port to port like 1/2, 1/4....
Do you see a way to use no switchport on the ports or do I need to start with switchport and turn the