Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

438
Views
0
Helpful
2
Replies
kwaltersITT
Beginner
Beginner
‎01-07-2014 10:18 AM
‎01-07-2014 10:18 AM

IGMP settings on transparent firewall.

What are the requirements for allowing IGMP traffic to pass through a transparent ASA 5550?

I have inherited a configuration that is currently configured to alloww IGMP from any to any and would like to restrict this protocol.  On the trusted side I ave a single host configured for multicast and on the untrusted side there is a switch and then router.  I do not control the router or switch configuration on the untrusted side.

My questions are:

-  Is IGMP allowed through by default?

-  Are the ACL entrys   "access-list outside-in extended permit igmp any any" and "access-list inside-out extended permit igmp any any"

   required to allow IGMP join, query, leave etc...?

- If this is required how do I limit the source and destination ip range?

Thanks

Labels:
0 Helpful
2 REPLIES 2
vishaw jasrotia
Beginner
Beginner
‎01-07-2014 11:54 PM
‎01-07-2014 11:54 PM

Kevin can u please give more clear view of your topology.

As per firewall default policy , every traffic originating from the outside network is denied. Only the traffic from inside is permitted.

And when wew talk about IGMP, it need to be run over end device where our host are connected.

Thanks.

0 Helpful
kwaltersITT
Beginner
Beginner
In response to vishaw jasrotia
‎01-08-2014 07:46 AM
‎01-08-2014 07:46 AM

It is really very simple topolgy.    single host inside ---  my ASA --- other company ASA Outside --  Other company switch  then router Inside.

My server acts as both multicast Server and client.

Additional question...

can anyone clarify this statement? 

These destination MAC addresses are allowed through the transparent firewall. Any MAC address not on this list is dropped.

  • IPv4 multicast MAC addresses from 0100.5E00.0000 to 0100.5EFE.FFFF

I assume this follows the same rule as anything else and that it only allows these from a higher number interface to a lower number interface...

0 Helpful
Latest Contents
Converting Cisco Secure Endpoint Connectors from Audit to Pr...
Created by Sohaib Ahmed on 06-23-2022 05:19 PM
0
0
0
0
Once you've expanded Cisco Secure Endpoint connector deployment to about 50% of your licensed count (check out this article that shows you how to do that), it's time to put those connectors to action i.e. convert them to Protect from Audit mode for vari... view more
🧦💚 Tell us about your ZTNA journey in exchange for a pair ...
Created by betswang on 06-23-2022 03:05 PM
0
15
0
15
  Hello! I’m Betsy, UX Researcher, on the Cisco+ Secure Connect Now team. Nice to meet you all .We have a short survey to learn about your Zero Trust Network Access (ZTNA) journey. Whether you have, plan to, or have not implemented a ... view more
Cisco ASA Access-list ACL using network object
Created by Meddane on 06-23-2022 06:59 AM
0
0
0
0
  A set of interface access rules can cause the Cisco Adaptive Security Appliance to permit or deny a designated host to access another particular host with a specific network application (service). When there is only one client, one host and one se... view more
How To: Cisco ISE Captive Portals with Aruba Wireless
Created by ahollifield on 06-22-2022 06:23 PM
3
10
3
10
How To: Cisco ISE Captive Portals with Aruba Wireless Authors: Adam Hollifield, Brad Johnson IntroductionPrerequisitesMinimum RequirementsComponents UsedConfigurationAruba Wireless ControllerWLAN CreationAuthentication ConfigurationRole & Policy Confi... view more
Get Started with SecureX | Overview and Product Demo
Created by Matt Anderson on 06-16-2022 03:04 AM
0
5
0
5
Ready to learn more about SecureX? Our Cisco security expert @Juan Ponce Dominguez reviews the features and benefits of SecureX, as well as a product demo covering: Customising SecureX dashboards to create a single pane, unified visibility Integrati... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad