Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1297
Views
0
Helpful
3
Replies

ASA Transparent mode multicast traffic in 8.2 and 8.4

Mahesh Pratap Singh
Level 1
Level 1

‎12-26-2014 02:31 AM - edited ‎03-11-2019 10:16 PM

Hi,

 

When i configure 8.2 in trasparent mode and deploy the a network that was wrok on EIGRP after that i found the neighborship was stop when i allow the mutlicast address and prtocol on outside interface it was start the working But when i deploy an ASA with 8.4 IOS and then allow the multicast address and protocol both the interface (Inside and outside) after that it was start working.

So i want to know that what the reasion to allow multicast address and protocol on 8.4 IOS for both interface. I am not able to find any answer for this.

Labels:
0 Helpful
3 Replies 3

Poonam Garg
Level 3
Level 3

‎12-29-2014 08:44 AM

Hi Mahesh,

By default ASA in transparent mode do not allow any packets not having a valid EtherType greater than or equal to 0x600. As per my knowledge this concept remain same for all versions of ASA. Most control plane protocols are denied.

ASA in transparent mode only allows ARP, broadcast traffic, TCP and UDP inspected unicast traffic.

For EIGRP to work through transparent firewall, we need to open ACLs in both direction for multicast and unicast both type of EIGRP traffic on all versions of ASA Firewall.

 

 

 

0 Helpful

Mahesh Pratap Singh
Level 1
Level 1
In response to Poonam Garg

‎01-03-2015 08:09 AM

Hi Poonam,

 

When we assign Mgmt IP address of transparent mode in  8.2 and BVI interface IP in 8.4 after that we see that ARP packet is allow its EtherType 0x806 and IP packet is also allow EtherType 0x800 without any ACL. As per you it  is not allowed EtherType greater than or equal to 0x600.

 

 

0 Helpful

Poonam Garg
Level 3
Level 3
In response to Mahesh Pratap Singh

‎01-06-2015 06:41 AM

Hi Mahesh,

As per my statement, By default ASA in transparent mode do not allow any packets not having a valid EtherType greater than or equal to 0x600. Your findings are exactly the same..

 

Please do rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card