Pelco Camera's Multicasting through asa

paul.miller11 · ‎07-05-2016

Hi, I have been trying to configure an asa 5512-x to pass multicast traffic from an outside network to an inside network as per the document :

PIX/ASA 7.x : Multicast on the PIX/ASA Platforms with sender on Outside Configuration Example

Document ID : 71779

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/71779-pix-asa-multicast-outside.pdf

Here is the config :

: Saved

: Written by enable_15 at 23:30:10.378 UTC Tue Jul 5 2016

!

ASA Version 9.1(1)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

multicast-routing

names

!

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 172.17.1.254 255.255.255.0

!

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 192.168.0.100 255.255.255.0

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/4

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/5

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

management-only

shutdown

no nameif

no security-level

no ip address

!

pim rp-address 192.168.0.100

ftp mode passive

access-list outside_access_inbound extended permit ip any host 239.17.1.50

pager lines 24

logging enable

logging buffered debugging

logging asdm informational

mtu outside 1500

mtu inside 1500

mroute 172.17.1.50 255.255.255.255 outside

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

access-group outside_access_inbound in interface outside

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:a17cf9fbd0bc19666dc98984a2e04ac5

: end

the multicast group 239.17.1.50 is not being forwarded through the asa

I have looked at the relevant multicasting support documentation from cisco, however so far I have been unable to resolve the issue.

the only difference (apart from the ip addressing) is that the document 71779 specifies that cisco asa version 7.x code is running on the example but the asa I am using is version 9.x

Please can anyone help and assist with a resolution to this issue, is it the version of code ??? or am I missing something in the config ??

Thanking you in advance

Kind Regards

Paul