Hi
I have a asa5520, with 8.5 on it.
I am having issues setting up multicast routing through the device.
when i test to see if PIM packets can make it to my inside interface, it seems to fail on reverse path check ! But 10.10.10.4 is direct attached
packet-tracer input ybman19 rawip 10.10.10.4 103 224.0.0.13 detailed
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 227703752, using existing flow
Module information for forward flow ...
snp_fp_inspect_ip_options
snp_fp_mcast
snp_sp_mcast
snp_fp_punt <IPv4 PIM>
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
Result:
input-interface: ybman19
input-status: up
input-line-status: up
Action: drop
Drop-reason: (security-failed) Early security checks failed
My setup is
ext router
VV
DMZ VLAN
VV
ASA5520
VV
MAN Network
VV
Int Router
VV
WAN link
VV
secondary rtr
VV
test vlan
Test box on the test vlan. I have had this boxed directly attached to the DMZ vlan and it can setup and start to receive MC traffic from my provider
when i test it on the test vlan, I can see IGMPv2 to the secondary rtr, it talks to the int router via pim. But I see nothing on the ASA.
for the inter rtr have a manual RP -> 10.10.10.1 (ASA5520).
The asa has a rp-address points to the ext rtr.
The ASA seems to be blocking or ???
I have tried to setup a static IGMP request on the RP, but still nothing on the ext rtr ..
help :)