Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

Lots of "Deny UDP reverse path check from ...." messages on Standby unit

Hi All


We have a Strongswan cluster here which use a virtual interface which has a multicast mac address assigned.

We have replaced our old ASA 5520 with new 5585-X which now run 8.4.x instead of 8.2.x.

Now we get a LOT (more or less for every single packet) event ID 106021 "Deny UDP reverse path check from ...." messages, which we did not get before.

The virtual MAC of the Strongswan outside interface is: 01:00:5E:37:33:10

I have the "Anti Spoofing" feature of the ASA enabled on the affected interface.

Weird thing is, only the Standby ASA logs those messages, the Active does not log any error. Also it seems that everything with the Strongswan VPN is working fine.

Any ideas, or do I need to surpress those error messages or disable Anti Spoofing?


We did not get this error with the old ASA and the old software. We migrated the whole old configuration.


Thanks

Patrick

250
Views
0
Helpful
0
Replies
CreatePlease login to create content