Hi

I have a asa5520, with 8.5 on it.

I am having issues setting up multicast routing through the device.

when i test to see if PIM packets can make it to my inside interface, it seems to fail on reverse path check ! But 10.10.10.4 is direct attached

packet-tracer input ybman19 rawip 10.10.10.4 103 224.0.0.13 detailed

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 227703752, using existing flow
Module information for forward flow ...
snp_fp_inspect_ip_options
snp_fp_mcast
snp_sp_mcast
snp_fp_punt <IPv4 PIM>
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...

Result:
input-interface: ybman19
input-status: up
input-line-status: up
Action: drop
Drop-reason: (security-failed) Early security checks failed

My setup is

ext router

VV

DMZ VLAN

VV 

ASA5520

VV 

MAN Network 

VV

Int Router

VV

WAN link

VV

secondary rtr

VV

test vlan

Test box on the test vlan. I have had this boxed directly attached to the DMZ vlan and it can setup and start to receive MC traffic from my provider

when i test it on the test vlan, I can see IGMPv2 to the secondary rtr, it talks to the int router via pim.  But I see nothing on the ASA.

for the inter rtr have a manual RP -> 10.10.10.1 (ASA5520).

The asa has a rp-address points to the ext rtr.

The ASA seems to be blocking or ???

I have tried to setup a static IGMP request on the RP, but still nothing on the ext rtr ..

help :)