11-04-2008 02:08 PM
I have an ASA 5540 that I am using to multicast Video over a hub and spoke VPN. The ASA always deny's the IGMP packets because of IP options. How do it permit the ASA to forward the IGMP traffic?
11-04-2008 02:43 PM
Dan,
It is my understanding that this is expected behavior on the ASA and there is no knob to change this behavior. One option to make this work is to disable the IP Options on the end device to make this work. If this is not an option for you (which I believe will be the case), you need to contact your Local Sales Team and have them put in an enhancement request to change this behavior.
Please refer the below URL for some information on ASA and IP Options.
106012
Error Message %PIX|ASA-6-106012: Deny IP from IP_address to IP_address, IP options hex.
Explanation This is a packet integrity check message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.
Recommended Action Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.
http://www.cisco.com/en/US/docs/security/asa/asa70/system/message/logmsgs.html#wp1279793
Regards,
Arul
*Pls rate if it helps*
11-04-2008 04:35 PM
Arul
Thanks for your reply. The end device that I am using is Windows XP connected with Cisco Anyconnect. Should I be able to receive multicast traffic remotely using Anyconnect?
Thanks
Dan
11-04-2008 06:47 PM
Dan,
It is my understanding that Anyconnect Client does not support Multicast.
Regards,
Arul
*Pls rate if it helps*
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: