Hi Mujtaba,
Inside interface has security level of 100 and it should allow any traffic
from inside to outside and also create a connection entry in the connection
table so that reverse traffic is also allowed. UDP traffic is inspected by
default and so should be the RIP .
Thanks,
Ajay
2009/6/23 Mujtaba Bashir <oldzarix_at_hotmail.com>
> hi Ajay, The security appliance does not allow any traffic unless it is
> explicitly permitted by an extended access list.
>
> --Mujtaba Bashir
>
> > Date: Tue, 23 Jun 2009 11:20:22 +0530
> > Subject: permit rip/eigrp on inside interface of ASA?
> > From: ajaymehra01_at_gmail.com
> > To: ccielab_at_groupstudy.com
>
> >
> > Hi,
> >
> > Is this a known issue with ASA? Eigrp and rip packets are not allowed to
> > enter inside interface of Transparent Firewall until explicitly
> permitted.
> >
> > %ASA-3-106010: Deny inbound protocol 88 src inside:150.100.3.254 dst
> > outside:224
> > .0.0.10
> >
> > %ASA-2-106006: Deny inbound UDP from 150.100.1.254/520 to 224.0.0.9/520on
> > inter
> > face inside
> >
> >
> > After I enable "access-list INSIDE per ip an an" everything worked.
> >
> > Although I have not got a chance to test this with Routed firewall but I
> see
> > this problem always with Transparent firewall.
> >
> >
> >
> > Thanks
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
> ------------------------------
> Hotmail. has ever-growing storage! Don�t worry about storage limits. Check
> it
out.<http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tut
orial_Storage_062009>
Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 23 2009 - 11:58:17 ART