Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
2
Helpful
3
Replies

Cisco ASA 5555x Multicast

kajumblies15
Level 1
Level 1

‎06-19-2023 08:16 AM

I wanted to see if anyone has any suggestions or has come across issues with redirecting multicast traffic through the firepower module. I followed the standard process to redirecting traffic to the module by creating an acl then a class map and then adding all that to the service policy section and setting the sfr session to fail open. What could I be missing that would cause the ASA to not redirect multicast to the module.

Thank You!

3 Replies 3

marce1000
VIP
VIP

‎06-19-2023 10:00 AM

 

 - Redirecting multicast traffic through the Cisco Firepower Module can be a complex task, and there are a few potential issues you could be facing. Here are some suggestions to troubleshoot the problem:

Verify ACL and Class Map Configuration: Double-check your ACL and class map configuration to ensure that you have correctly defined the criteria for redirecting multicast traffic. Ensure that the ACL permits the desired multicast traffic, and the class map correctly matches the ACL.

Inspect Service Policy Configuration: Review the service policy configuration to confirm that you have correctly associated the ACL and class map with the policy. Ensure that the policy is applied in the correct direction (inbound or outbound) on the appropriate interface.

Check for Conflicting Configurations: Ensure there are no conflicting configurations that might prevent the multicast traffic from being redirected. For example, verify that there are no other access lists or policies interfering with the desired traffic redirection.

Verify SFR Session Configuration: Check the SFR (Security Services Module) session configuration to ensure it is set to fail open for multicast traffic. Confirm that the SFR is correctly integrated with the ASA and the session settings allow the desired traffic.

Monitor Logs and Debug Information: Enable logging and debugging on the ASA to gather more information about the traffic flow and any potential errors or warnings related to the multicast redirection. Check the ASA logs and SFR logs for any relevant messages that could help diagnose the issue.

Confirm ASA and Firepower Compatibility: Ensure that the version of ASA software and Firepower Module firmware you are using are compatible and recommended for the desired multicast traffic redirection. Check the Cisco documentation or support resources for any known issues or specific requirements.

Consider Network Topology and Multicast Routing: Evaluate your network topology and multicast routing configuration to ensure that multicast traffic can reach the ASA and be properly redirected. Verify that multicast routing is enabled and configured correctly on the ASA and any relevant network devices.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP

‎06-19-2023 10:20 AM

What is asa mode transparent or router mode ?

0 Helpful

kajumblies15
Level 1
Level 1
In response to MHM Cisco World

‎06-20-2023 07:58 AM

ASA is in router mode. 

the following are the configs for redirecting 

class-map mcast
 match any
policy-map global_policy
 class mcast
  sfr fail-close
service-policy global_policy global
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card