Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA drops multicast stream packets

Hi,

We set up multicast routing as advised in configuration guides.

The details:

- We use ASA 8.4(1) , enabled multicast-routing

- source is on the outside interface

- receivers are far away in the network core on the inside interface

- we use pim sparse mode

- used static rp configuration, rp is a remote switch

- we NAT the source address of the source.

Results: ASA drops multicast traffic with the following message:

%ASA-7-710005: UDP request discarded from 192.168.2.110/1193 to outside:239.255.100.1/1234

Packet tracer says:Drop-reason: (security-failed) Early security checks failed

Other information:

When we disconnect the firewall from the rest of the network and conduct isolated local tests with a receiver connected to the inside interface it works fine. But as soon as we connect and pim neighborship and mroute builds up it starts dropping packets.

The rest of the network works fine, if we put the source after the firewall (to the inside interface).

Any idea?

Thanks,

Rodion

Everyone's tags (5)
3 REPLIES
New Member

ASA drops multicast stream packets

I have the same problem.

Anyone?

New Member

ASA drops multicast stream packets

Downgrading to 8.3.1 solved the issue.

This was definitely a software bug in 8.4.1

New Member

ASA drops multicast stream packets

That did it!!

I really appreciate your help.

Thanks

1603
Views
0
Helpful
3
Replies
CreatePlease to create content