Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
1
Replies

HSRP Multicast with ZBFW

Matthew
Level 1
Level 1

‎01-07-2016 01:07 PM - edited ‎03-12-2019 12:07 AM

I am currently using interface based ACL's and during my configuration of HSRP I had to allow my secondary routers IP to multicast to the address of 224.0.0.2 and just the same on the secondary one for the IP on the primary router. If I convert to a zone based firewall what will I have to do to allow HSRP to work properly?

Current configuration:

Primary:

IP: 192.168.1.11

VIP: 192.168.1.1

permit udp host 192.168.1.12 host 224.0.0.2 eq 1985

Standby:

IP: 192.168.1.12

VIP:192.168.1.1

permit udp host 192.168.1.11 host 224.0.0.2 eq 1985

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-07-2016 05:11 PM

Zone based firewall is more for traffic between interfaces, not to an interface (all though there is the "self" zone).  While an interface ACL affects traffic entering an interface, rather than passing between interfaces.

If you have no rules defined between the HSRP zone and "self" it should just work.  If you lock HSRP zone to "self" down then you may need to add rules.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card