Multicast traffic not passing through from LAN to DMZ

Unanswered Question
Aug 17th, 2010

I am experiencing an issue on an ASA 5520 firewall with version 8.2(2). There is a server in the LAN which sends multicast traffic to the DMZ network, wherein NAT is given for hiding the real IP of the DMZ server, and it further forwards the multicast traffic to its clients at the outside interface.

The issue is about multicast traffic not traversing from the LAN interface to the DMZ network. Even though we have allowed nonat entries from the sender and multicast IP, the traffic is not passing through at all. We have verified multicast routing is enabled on the ASA firewall and see the packet sent and receive response.

Can anyone let me know the reason for the blocking of the multicast traffic from one interface to the other interface?

pvenkatesh6 Tue, 08/17/2010 - 08:31

Hi Jathaval,

Thanks for your reply. I wanted to say something more on this. The multicast traffic was happening till last Friday, but on Monday we found the issue of multicast traffic not passing between the LAN and DMZ interfaces. There were no configuration changes done on the firewall since Friday. All of a sudden this problem arose, and we were able to capture IGMP traffic on the firewall. As a last resort we rebooted the firewall, after which the multicast traffic was found passing between LAN and DMZ firewall.

We wish to know the reason behind it.

IGMP Traffic Counters
Elapsed time since counters cleared: 06:47:00

                              Received     Sent
Valid IGMP Packets            32012        3981
Queries                       2922         2910
Reports                       28508        1066
Leaves                        582          5
Mtrace packets                0            0
DVMRP packets                 0            0
PIM packets                   0            0

Malformed Packets             0
Martian source                0
Bad Checksums                 0

Jitendriya Athavale (Cisco Employee) Tue, 08/17/2010 - 09:27

Do you have any IGMP debugs or captures collected on the LAN and DMZ interfaces?

pvenkatesh6 Tue, 08/17/2010 - 20:30

Sorry, we don't have debug information for IGMP. Before recycling the firewall we took the sh tech information of the firewall. Is it useful now to find the reason for the problem? If so, what should we search for in the sh logs information?

