Hello, I have a couple questions about Transparent FW.

1. Why would you use the arp-inspection command with the flood option? This allows the unmatching packets to still be flooded. In my testing it still allows the ARP packets to pass when no static ARP entries are defined. Does it still serve a purpose with the flood option?

2. As I understand it, we need to allow multicast traffic in both directions, such as OSPF and PIM hellos. But in the ASA 8.2 Configuration Guide (Chapter 4-2), it says IPv4-mapped multicast MAC addresses (0100.5E00.0000 to 0100.5EFE.FFFF) are allowed. If so, then why are OSPF, PIM dropped without an ACL (even from inside->outside)? They use MACs in that range. Just curious as to what the ASA guide is getting at.

Thanks,
B
