Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
3
Helpful
3
Replies

How do I permit IGMP packets with IP OPTIONS: Router Alert?

dannpires
Level 1
Level 1

‎11-04-2008 02:08 PM

I have an ASA 5540 that I am using to multicast Video over a hub and spoke VPN. The ASA always deny's the IGMP packets because of IP options. How do it permit the ASA to forward the IGMP traffic?

Labels:
0 Helpful
3 Replies 3

ajagadee
Cisco Employee
Cisco Employee

‎11-04-2008 02:43 PM

Dan,

It is my understanding that this is expected behavior on the ASA and there is no knob to change this behavior. One option to make this work is to disable the IP Options on the end device to make this work. If this is not an option for you (which I believe will be the case), you need to contact your Local Sales Team and have them put in an enhancement request to change this behavior.

Please refer the below URL for some information on ASA and IP Options.

106012

Error Message %PIX|ASA-6-106012: Deny IP from IP_address to IP_address, IP options hex.

Explanation This is a packet integrity check message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded.

Recommended Action Contact the remote host system administrator to determine the problem. Check the local site for loose source routing or strict source routing.

http://www.cisco.com/en/US/docs/security/asa/asa70/system/message/logmsgs.html#wp1279793

Regards,

Arul

*Pls rate if it helps*

0 Helpful

dannpires
Level 1
Level 1
In response to ajagadee

‎11-04-2008 04:35 PM

Arul

Thanks for your reply. The end device that I am using is Windows XP connected with Cisco Anyconnect. Should I be able to receive multicast traffic remotely using Anyconnect?

Thanks

Dan

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to dannpires

‎11-04-2008 06:47 PM

Dan,

It is my understanding that Anyconnect Client does not support Multicast.

Regards,

Arul

*Pls rate if it helps*

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents