Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1721
Views
0
Helpful
4
Replies

Multicast traffic not passing through from LAN to DMZ

pvenkatesh6
Level 1
Level 1

‎08-17-2010 04:06 AM - edited ‎03-11-2019 11:26 AM

Hi

I am experiencing one issue on ASA 5520 firewall with version 8.2(2).  There is a Server in LAN which sends the multicast traffic to DMZ network where in NAT is given for hiding real ip of  DMZ server and  further it forwards the multicast traffic to its clients at outside interface.

The issue is about multicast traffic not traversing from LAN interface to DMZ network. Eventhough we have allowed nonat entries from Sender and multicast ip, the traffic is not passing through at all. We have verified multicast routing is enabled on asa firewall and see the packet sent and receive response.

Can anyone  let me know  the reason of  blocking the multicast traffic from one interface to other interface

Labels:
0 Helpful
4 Replies 4

Jitendriya Athavale
Cisco Employee
Cisco Employee

‎08-17-2010 07:56 AM

check this

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807631d2.shtml

this has server sitting on the outside, but it will give you pointers on what to look for, also it will tell you waht is supported and what is not

0 Helpful

pvenkatesh6
Level 1
Level 1

‎08-17-2010 08:31 AM

Hi Jathaval,

Thanks for your reply. I wanted to say something more on this. The multicast traffic was happening till last friday but on monday we found the issue on multicast traffic not passing between LAN and DMZ interface. There was no configuration changes done on firewall since Friday. All of sudden this problem raised and was able to capture IGMP traffic on Firewall. At last resort we did the reboot of firewall after which the multicast traffic found passing between LAN and DMZ firewall

we wish to know the reason behind it.  

IGMP Traffic Counters
Elapsed time since counters cleared: 06:47:00

                              Received     Sent
Valid IGMP Packets       32012        3981     
Queries                       2922         2910     
Reports                       28508        1066     
Leaves                        582          5        
Mtrace packets                0            0        
DVMRP packets                 0            0        
PIM packets                   0            0       

Errors:
Malformed Packets             0        
Martian source                0        
Bad Checksums                 0       

0 Helpful

Jitendriya Athavale
Cisco Employee
Cisco Employee
In response to pvenkatesh6

‎08-17-2010 09:27 AM

do you have any igmp debugs or captures collected on LAN and DMZ interface

0 Helpful

pvenkatesh6
Level 1
Level 1
In response to Jitendriya Athavale

‎08-17-2010 08:30 PM

Sorry we dont have debug information for IGMP. before recycling the firewall we took sh tech information of firewall. Is it useful now to find the reason for the problem?. If so,  what to search in sh logs information.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card