[AusNOG] Quick ASA question
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Wed Feb 25 17:20:48 EST 2015
So what did the manual say about setting up multicast, and why haven't you spent 5 minutes trying adding them to your ACL to see if that is the cause of your problem?
http://www.catb.org/esr/faqs/smart-questions.html#before
________________________________
From: Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Sent: Wednesday, 25 February 2015, 16:20
Subject: [AusNOG] Quick ASA question
Hi
I'm setting up multicast routing through an ASA5520.
Once I turn on PIM, IGMP on an interface, does that allow IGMP and PIM packets in on that interface or do I have to add them to my access list ?
I know for some things, it auto adds thing, like OSPF, EiGRIP.
Just when I try the packet trace command it fails
Result:
input-interface: xxxx
input-status: up
input-line-status: up
Action: drop
Drop-reason: (security-failed) Early security checks failed
>From my googling the error has something to do with reverse path look up (when related to MC traffic ), but the src address of the IGMP/PIM packet is from the local lan !
A
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list