folks

i setting up an asa (5540) to allow multicast traffic from an upstream server, on a DMZ interface, through to the inside interface so i'm doing a bit of preparatory investigation

the streaming server is 10.12.65.12 and i have an mroute statement

mroute 10.12.65.0 255.255.0 DMZ

the DMZ interface has a security-level 0

i have multicast routing enabled and igmp enabled on the DMZ and Inside interfaces and i can see a PIM neighbour on the outside

one of the multicast addresses is 239.192.65.10

my problem

when i run

packet-tracer in dmz udp 10.63.65.12 58657 239.192.61.10 1234

i get the following

Result:      
input-interface: DMZ
input-status: up
input-line-status: up
Action: drop 
Drop-reason: (security-failed) Early security checks failed

i've only seen a couple of posts about this but there are no resolutions so i'm particularly keen to get this sorted before i have to deliver the streaming media

has anyone any ideas or views?

thanks to anyone taking the time to read this or to reply

greatly appreciated