11-04-2008 02:08 PM
I have an ASA 5540 that I am using to multicast Video over a hub and spoke VPN. The ASA always deny's the IGMP packets because of IP options. How do it permit the ASA to forward the IGMP traffic?
11-04-2008 02:43 PM
Dan,
It is my understanding that this is expected behavior on the ASA and there is no knob to change this behavior. One option to make this work is to disable the IP Options on the end device to make this work. If this is not an option for you (which I believe will be the case), you need to contact your Local Sales Team and have them put in an enhancement request to change this behavior.
Please refer the below URL for some information on ASA and IP Options.
106012
Error Message %PIX|ASA-6-106012: Deny IP from IP_address to IP_address, IP options hex.
Explanation This is a packet integrity check message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.
Recommended Action Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.
http://www.cisco.com/en/US/docs/security/asa/asa70/system/message/logmsgs.html#wp1279793
Regards,
Arul
*Pls rate if it helps*
11-04-2008 04:35 PM
Arul
Thanks for your reply. The end device that I am using is Windows XP connected with Cisco Anyconnect. Should I be able to receive multicast traffic remotely using Anyconnect?
Thanks
Dan
11-04-2008 06:47 PM
Dan,
It is my understanding that Anyconnect Client does not support Multicast.
Regards,
Arul
*Pls rate if it helps*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide