Kings,

 

What does "inspection" do to the packet?

 

Johan

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Kingsley
Charles
Sent: 08 September 2010 10:33 AM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] Multicast traffic across Transparent
firewall

 

Got the problem. I had the icmp inspection enabled. Since the reply was
unicast back to r2, the inspection caused the response to be dropped.
Disabling the icmp inspection solved the issue.


With regards
Kings

On Wed, Sep 8, 2010 at 12:51 PM, Kingsley Charles
<[email protected]> wrote:

Hi all

I am trying to send multicast traffic across the ASA in transparent mode.



r1 10.20.30.41 -----------asa----------------- 10.20.30.42 r2
                            10.20.30.47


r1
==

int f0/0
ip igmp join-group 239.1.2.3


ASA
===

access-list inbound permit ip any host 239.1.2.3
access-list outbound permit ip any any

access-group inbound in interface outside
access-group outbound in interface inside


When I ping 239.1.2.3 from r2, I see the counters incremented in the
access-list, and the packet capture also shows that R1 replies to the
multicast packet. But I don't see replies on R1.
Even if the capture on the ASA shows a response from R1, I think it is being
dropped by the ASA.

Any thoughts?



asa1(config)# sh capture mut

1325 packets captured
   1: 12:18:14.311492 802.3 encap packet
   2: 12:18:16.316267 802.3 encap packet
   3: 12:18:16.316283 802.3 encap packet
   4: 12:18:17.531314 10.20.30.42 > 239.1.2.3: icmp: echo request
   5: 12:18:17.531405 10.20.30.42 > 239.1.2.3: icmp: echo request
   6: 12:18:17.532305 10.20.30.41 > 10.20.30.42: icmp: echo reply
   7: 12:18:18.320967 802.3 encap packet
   8: 12:18:18.320982 802.3 encap packet
   9: 12:18:20.325865 802.3 encap packet
  10: 12:18:20.325880 802.3 encap packet
  11: 12:18:20.616987 001b.d585.7889 001b.d585.7889 0x9000 60:


With regards
Kings
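
Added example, not part of the original messages and not ASA code: a simplified model of the cause given in the reply above, in which a stateful ICMP tracker accepts an echo reply only when its source equals the destination of a pending echo request. The matching rule, the function name classify_replies and packets 101 and 102 are assumptions made for illustration; packets 4 to 6 are the ICMP lines from the capture in the thread.

```python
import ipaddress
import re

# Packets 4-6 are copied from the capture posted in the thread.
# Packets 101-102 are constructed here: a plain unicast ping for contrast.
CAPTURE = """\
   4: 12:18:17.531314 10.20.30.42 > 239.1.2.3: icmp: echo request
   5: 12:18:17.531405 10.20.30.42 > 239.1.2.3: icmp: echo request
   6: 12:18:17.532305 10.20.30.41 > 10.20.30.42: icmp: echo reply
 101: 12:18:19.000100 10.20.30.42 > 10.20.30.41: icmp: echo request
 102: 12:18:19.000900 10.20.30.41 > 10.20.30.42: icmp: echo reply
"""

LINE = re.compile(
    r"^\s*(\d+):\s+\S+\s+(\S+) > (\S+): icmp: echo (request|reply)\s*$"
)


def classify_replies(capture_text):
    """Return [(packet_no, verdict)] for every echo reply in the capture.

    Assumed model: a request (src, dst) opens a session, and only a reply
    travelling dst -> src closes it. Anything else is unmatched.
    """
    pending = set()   # (requester, address the request was sent to)
    results = []
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # non-ICMP lines such as "802.3 encap packet"
        num, src, dst, kind = int(m[1]), m[2], m[3], m[4]
        if kind == "request":
            pending.add((src, dst))
        elif (dst, src) in pending:
            pending.discard((dst, src))
            results.append((num, "matched"))
        else:
            # Did this requester ping a multicast group? Then the reply's
            # unicast source can never equal the request's destination.
            to_group = any(
                s == dst and ipaddress.ip_address(d).is_multicast
                for s, d in pending
            )
            results.append(
                (num, "unmatched: request went to a multicast group"
                 if to_group else "unmatched")
            )
    return results
```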

 
