Re: transparent mode

From: Benjamin Hill (ibennybravo@gmail.com)
Date: Sun May 20 2007 - 06:47:34 ART


(Sorry - forgot to cc the group on the reply)

Hi Peter,

My understanding is that ARP and all "IP" traffic is by default allowed from
a higher security interface to lower one.

The fact that your multicast (presuming it's EIGRP/OSPF) traffic is getting
denied is probably not that it's destined for a multicast address, but rather
that it's not IP traffic, i.e. it's OSPF or EIGRP neighbor init traffic.

So you do need to explicitly allow this on the inside (and obviously
outside) interfaces. If you want, you can just permit any OSPF/EIGRP, or if
you want to be specific you can limit the exchange from the appropriate
source to the protocol multicast address (for the initial hello) and also
from the appropriate source to the actual OSPF/EIGRP neighbor (remembering
that once a neighborship is up, the routing updates will be unicast).

HTH
Ben

On 5/20/07, Peter Svidler <doubleccie@yahoo.com> wrote:
>
> Guys,
> I am trying to understand the transparent mode of the ASA or PIX.
>
> Is all the traffic by default from inside to outside allowed? And is all
> traffic from outside to inside denied by default?
>
>
> I can see on my ASA logs that some traffic is denied from inside to
> outside (traffic going to multicast addresses, for example). Why is that?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
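As an added example (not from Ben's or Peter's mail), here is a transparent-mode ASA ACL pair that permits exactly the OSPF exchange Ben describes, hello to the multicast address plus unicast to the neighbor, while keeping the default inside-to-outside IP permit; the interface names, the 10.1.1.0/24 addresses and the ACL names are assumptions.

```cisco
! Assumed topology (constructed): inside router 10.1.1.1 and outside router
! 10.1.1.2 form an OSPF adjacency through an ASA in transparent mode.
! Interface names, addresses and ACL names are assumptions for this example.
!
! Inside -> outside: hellos to AllSPFRouters (224.0.0.5), then unicast to the
! neighbor once the adjacency is up. 224.0.0.6 (AllDRouters) is also needed
! on broadcast segments where the neighbor is DR/BDR.
access-list INSIDE_IN extended permit ospf host 10.1.1.1 host 224.0.0.5
access-list INSIDE_IN extended permit ospf host 10.1.1.1 host 224.0.0.6
access-list INSIDE_IN extended permit ospf host 10.1.1.1 host 10.1.1.2
! Applying an ACL replaces the implicit high-to-low permit with an implicit
! deny, so restate the default for ordinary IP traffic explicitly.
access-list INSIDE_IN extended permit ip any any
!
! Outside -> inside: only the neighbor's hellos and unicast updates.
access-list OUTSIDE_IN extended permit ospf host 10.1.1.2 host 224.0.0.5
access-list OUTSIDE_IN extended permit ospf host 10.1.1.2 host 224.0.0.6
access-list OUTSIDE_IN extended permit ospf host 10.1.1.2 host 10.1.1.1
!
access-group INSIDE_IN in interface inside
access-group OUTSIDE_IN in interface outside
!
! For EIGRP use the same pattern with protocol keyword eigrp and the
! EIGRP multicast address 224.0.0.10.
```

After applying it, "show access-list INSIDE_IN" hit counts on the ospf lines should climb as hellos pass, and the inside-to-outside deny messages for the multicast destination should stop.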



This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:21 ART