cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


374
Views
0
Helpful
2
Replies
Highlighted
Beginner

deny udp reverse path check after cloning VM

Hello,

On my ASA 5525-X, this message "Deny udp reverse path check on interface x" annoyed me very much each time after deleting and then reinstallating the VMs.

It happened between v-management hosts and vcenter host.

The workaround is: clear route all on ASA.

Removing ip reverse path command line on interface is another solution but I'd like to protect my networks behind the firewall.

 

My questions are:

1) It seems to me an arp issue but clear arp command didn't give effect. Only clear route command is working. I checked the routes using ping and traceroute showing no issue. Anyone can explain why?

2) I also doubted if something changed on cloning VM but I checked the arp table on ASA => no change

 

Someone has this experience?

 

Thank you in advance.

Everyone's tags (1)
2 REPLIES 2
Beginner

Re: deny udp reverse path check after cloning VM

Do you know why the Address is failing URPF in the first place? 

 

Is the route to the host on an incorrect interface?

 

 

Beginner

Re: deny udp reverse path check after cloning VM

Hello,

The route to the host is on the correct interface.

I've checked the route using SHOW ROUTE on the FW and TRACEROUTE on a laptop.