Cisco Support Community
Community Member

IGMP settings on transparent firewall.

What are the requirements for allowing IGMP traffic to pass through a transparent ASA 5550?

I have inherited a configuration that is currently configured to allow IGMP from any to any and would like to restrict this protocol. On the trusted side I have a single host configured for multicast and on the untrusted side there is a switch and then a router. I do not control the router or switch configuration on the untrusted side.

My questions are:

-  Is IGMP allowed through by default?

-  Are the ACL entries "access-list outside-in extended permit igmp any any" and "access-list inside-out extended permit igmp any any" required to allow IGMP join, query, leave etc...?

-  If this is required, how do I limit the source and destination IP range?


Community Member

IGMP settings on transparent firewall.

Kevin, can you please give a clearer view of your topology?

As per the firewall default policy, all traffic originating from the outside network is denied. Only the traffic from inside is permitted.

And when we talk about IGMP, it needs to be run on the end device where our hosts are connected.


Community Member

Re: IGMP settings on transparent firewall.

It is really a very simple topology: single host inside --- my ASA --- other company ASA outside --- other company switch, then router inside.

My server acts as both multicast Server and client.

Additional question...

Can anyone clarify this statement?

These destination MAC addresses are allowed through the transparent firewall. Any MAC address not on this list is dropped.

  • IPv4 multicast MAC addresses from 0100.5E00.0000 to 0100.5EFE.FFFF

I assume this follows the same rule as anything else and that it only allows these from a higher number interface to a lower number interface...
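
An added example, not part of the thread and not Cisco's own code: one way to derive narrower replacements for the two `permit igmp any any` entries quoted in the question, and to check each destination against the multicast MAC range quoted above. It assumes a single IGMP querier address on the outside and uses the destination addresses defined for IGMPv2 (RFC 2236) and IGMPv3 (RFC 3376); the host, querier and group addresses in it are constructed placeholders.

```python
import ipaddress

# Destination MAC range the thread quotes as allowed through the transparent firewall.
MAC_LOW, MAC_HIGH = 0x01005E000000, 0x01005EFEFFFF

def multicast_mac(group):
    """RFC 1112 mapping: 01-00-5E followed by the low 23 bits of the group address."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return 0x01005E000000 | (int(ip) & 0x7FFFFF)

def cisco_mac(mac):
    """Format a 48-bit MAC in Cisco dotted notation, e.g. 0100.5E01.0101."""
    h = f"{mac:012X}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"

def igmp_destinations(groups, version=2):
    """Return (towards_host, from_host) IGMP destination addresses."""
    to_host = ["224.0.0.1"] + list(groups)        # general and group-specific queries
    if version == 3:
        from_host = ["224.0.0.22"]                # all IGMPv3 membership reports
    else:
        from_host = list(groups) + ["224.0.0.2"]  # v2 reports, then leave messages
    return to_host, from_host

def build_acl(host, querier, groups, version=2):
    """Build host-to-host IGMP entries for the ACL names used in the question."""
    to_host, from_host = igmp_destinations(groups, version)
    lines = []
    for name, src, dsts in (("inside-out", host, from_host),
                            ("outside-in", querier, to_host)):
        for dst in dsts:
            mac = multicast_mac(dst)
            if not MAC_LOW <= mac <= MAC_HIGH:
                raise ValueError(f"{dst} maps outside the permitted MAC range")
            lines.append(
                f"access-list {name} extended permit igmp host {src} host {dst}")
    return lines

if __name__ == "__main__":
    # Constructed sample values: inside host, outside querier, one group.
    for line in build_acl("192.0.2.10", "192.0.2.1", ["239.1.1.1"]):
        print(line)
    print(cisco_mac(multicast_mac("239.1.1.1")))
```

Because only 23 bits of the group address survive the mapping, every IPv4 multicast destination lands between 0100.5E00.0000 and 0100.5E7F.FFFF, so the MAC rule alone does not narrow which groups pass; the ACL entries do.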
