Cisco ASA deny from ip x.x.x.x to ip x.x.x.x Ip options "Router Alert"

sdasgupta · ‎12-18-2012

Can any body help

i am facing a problem

when i am callling my polycom viedo end point to any polycomvideo end point through public ip no video comes from far end but from far end they are watching my video .

I have ASA firewall version 8.0(4) and i have configured a static nat and enable the necessary port.but when i am watching firewall log see that

deny ip from x.x.x.x to ip x.x.x.x Ip options "Router Alert". i thik for this alert i am not able to see the far end video.

plese help me how to recver this problem

Sujit Dasgupta

julomban · ‎12-18-2012

Hello Sujit,

IP packets with "ip options" set are being dropped by the ASA due to security reasons.

A bug was filed in this regard and later an enhancement request was filed to find out a way to clear the ip options from the packet or ignore it and let it pass through the firewall.

Here is the bug id : CSCSE96428

Here is the enhancement request : CSCsh73388

The bug is fixed on 8.2(2). You can either upgrade the ASA IOS or check which application is sending ip packets with router options and have them disable it to proceed furher on it.

Regards,

Juan Lombana

Please rate helpful posts.