[AusNOG] Quick ASA question
Alex Samad - Yieldbroker
Alex.Samad at yieldbroker.com
Wed Feb 25 16:20:39 EST 2015
Hi
I'm setting up multicast routing through an ASA5520.
Once I turn on PIM, IGMP on an interface, does that allow IGMP and PIM packets in on that interface or do I have to add them to my access list ?
I know for some things, it auto adds thing, like OSPF, EiGRIP.
Just when I try the packet trace command it fails
Result:
input-interface: xxxx
input-status: up
input-line-status: up
Action: drop
Drop-reason: (security-failed) Early security checks failed
>From my googling the error has something to do with reverse path look up (when related to MC traffic ), but the src address of the IGMP/PIM packet is from the local lan !
A
More information about the AusNOG
mailing list