Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1310
Views
1
Helpful
5
Replies

Can ASA increase TTL of packets it forwards?

sasha
Level 1
Level 1

‎03-02-2023 01:13 AM - edited ‎03-06-2023 12:29 AM

Hello. Can ASA increase TTL of multicast packets while forwarding them? Sender is on the outside interface, it sends multicast with TTL = 1, receivers are all over the rather complicated inside network. ASA passes the multicast, but hext hop router discards them due to expired TTL.

Btw, I'm NOT talking about "set connection decrement-ttl" . Is there some feature that sets TTL to a given value?

ASA version is 9.13(1)2. Thanks and best regards.

0 Helpful
5 Replies 5

Kasun Bandara
VIP
VIP

‎03-02-2023 01:34 AM

i dont think that is possible. you can take a packet capture before and after ASA to find TTL values and adjust multicast application accordingly. to more troubleshooting steps check below links.

https://community.cisco.com/t5/security-knowledge-base/asa-pix-fwsm-multicast-tips-and-common-problems/tac-p/4055648#toc-hId-1855988261

https://www.cisco.com/c/en/us/support/docs/ip/ip-multicast/16450-mcastguide0.html#ttlthreshold

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-02-2023 01:39 AM

how about adding in the class map as the example below :

ASA(config)#policy-map global_policy
ASA(config-pmap)#class class-default
ASA(config-pmap-c)#set connection decrement-ttl

If ASDM

  1. Firewall > Service Policy Rules
  2. Edit class-default
  3. Go to the Connection Settings tab
  4. Under Time to Live > Check “Decrement time to live for a connection”
  5. OK & Save

 https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/conns-connlimits.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎03-03-2023 09:43 AM

Confirming @balaji.bandi 's answer works for at least some traffic. I have done it often for the use case of icmp ttl used in traceroute. Not sure about multicast though.

0 Helpful

sasha
Level 1
Level 1
In response to Marvin Rhoads

‎03-06-2023 12:24 AM

Dear Marvin, with all respect, confirming both You and @balaji.bandi didn't see the following sentence in my initial post:

> I'm NOT talking about "set connection decrement-ttl" .

I need to increase TTL, not decrement it... Any ideas? Thanks and best regards.

0 Helpful

sasha
Level 1
Level 1
In response to sasha

‎03-06-2023 12:27 AM

I've just edited the topic title ("modify" -> "increase") to avoid such misunderstandings. BR.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card