How do I permit IGMP packets with IP OPTIONS: Router Alert?

Nov 4th, 2008

I have an ASA 5540 that I am using to multicast video over a hub-and-spoke VPN. The ASA always denies the IGMP packets because of IP options. How do I permit the ASA to forward the IGMP traffic?

ajagadee (Cisco Employee) Tue, 11/04/2008 - 14:43

Dan,


It is my understanding that this is expected behavior on the ASA and there is no knob to change this behavior. One option to make this work is to disable the IP Options on the end device. If this is not an option for you (which I believe will be the case), you need to contact your local sales team and have them put in an enhancement request to change this behavior.


Please refer to the URL below for some information on ASA and IP Options.


106012


Error Message %PIX|ASA-6-106012: Deny IP from IP_address to IP_address, IP options hex.


Explanation This is a packet integrity check message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.


Recommended Action Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.


http://www.cisco.com/en/US/docs/security/asa/asa70/system/message/logmsgs.html#wp1279793


Regards,

Arul


*Pls rate if it helps*
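
To confirm from a packet capture that the option behind message 106012 is Router Alert on IGMP rather than the source routing the Recommended Action mentions, the IPv4 header can be decoded offline. The Python below is an added example, not part of the original thread or any Cisco code; the function names and the sample packets (checksums zeroed, addresses made up) are constructed for illustration.

```python
# IPv4 option types relevant here (IANA IP option numbers).
OPTION_NAMES = {
    0x07: "Record Route",
    0x44: "Timestamp",
    0x83: "Loose Source Route",
    0x89: "Strict Source Route",
    0x94: "Router Alert",  # RFC 2113
}
SOURCE_ROUTE = {0x83, 0x89}
IGMP = 2  # IP protocol number

# Constructed sample packets (checksums zeroed, addresses made up).
SAMPLE_IGMP_REPORT = bytes.fromhex(
    "46c0002000000000" "01020000" "0a000005" "ef010101"
    "94040000" "16000000ef010101")
SAMPLE_LSRR = bytes.fromhex(
    "4700001c00000000" "40060000" "0a000005" "0a000009"
    "830704c000020100")
SAMPLE_PLAIN = bytes.fromhex("4500001400000000400600000a0000050a000009")

def parse_ip_options(packet: bytes):
    """Return (protocol, [(type, name, data), ...]) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad or truncated IPv4 header")
    raw, opts, i = packet[20:ihl], [], 0
    while i < len(raw):
        opt_type = raw[i]
        if opt_type == 0:                 # End of Option List
            break
        if opt_type == 1:                 # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        length = raw[i + 1]
        name = OPTION_NAMES.get(opt_type, f"unknown(0x{opt_type:02x})")
        opts.append((opt_type, name, raw[i + 2:i + length]))
        i += length
    return packet[9], opts

def classify(packet: bytes) -> str:
    """Label a packet by the kind of IP options it carries."""
    proto, opts = parse_ip_options(packet)
    types = {t for t, _, _ in opts}
    if not types:
        return "no-options"
    if types & SOURCE_ROUTE:
        return "source-routing"
    return "igmp-router-alert" if proto == IGMP and types == {0x94} else "other-options"
```
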

dannpires Tue, 11/04/2008 - 16:35

Arul


Thanks for your reply. The end device that I am using is Windows XP connected with Cisco Anyconnect. Should I be able to receive multicast traffic remotely using Anyconnect?


Thanks

Dan


ajagadee (Cisco Employee) Tue, 11/04/2008 - 18:47

Dan,


It is my understanding that Anyconnect Client does not support Multicast.


Regards,

Arul


*Pls rate if it helps*
