cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
121
Views
0
Helpful
0
Replies
Highlighted
Beginner

ASA5520 multicast routing issue

Hi

 

I have a asa5520, with 8.5 on it.

 

I am having issues setting up multicast routing through the device.

 

when i test to see if PIM packets can make it to my inside interface, it seems to fail on reverse path check ! But 10.10.10.4 is direct attached

packet-tracer input ybman19 rawip 10.10.10.4 103 224.0.0.13 detailed

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 227703752, using existing flow
Module information for forward flow ...
snp_fp_inspect_ip_options
snp_fp_mcast
snp_sp_mcast
snp_fp_punt <IPv4 PIM>
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...

Result:
input-interface: ybman19
input-status: up
input-line-status: up
Action: drop
Drop-reason: (security-failed) Early security checks failed

 

 

 

My setup is

 

ext router

VV

DMZ VLAN

VV 

ASA5520

VV 

MAN Network 

VV

Int Router

VV

WAN link

VV

secondary rtr

VV

test vlan

 

Test box on the test vlan. I have had this boxed directly attached to the DMZ vlan and it can setup and start to receive MC traffic from my provider

 

when i test it on the test vlan, I can see IGMPv2 to the secondary rtr, it talks to the int router via pim.  But I see nothing on the ASA.

 

for the inter rtr have a manual RP -> 10.10.10.1 (ASA5520).

The asa has a rp-address points to the ext rtr.

 

The ASA seems to be blocking or ???

 

I have tried to setup a static IGMP request on the RP, but still nothing on the ext rtr ..

 

help :)

 

 

 

 

 

Everyone's tags (1)