Hi All
We have a Strongswan cluster here which use a virtual interface which has a multicast mac address assigned.
We have replaced our old ASA 5520 with new 5585-X which now run 8.4.x instead of 8.2.x.
Now we get a LOT (more or less for every single packet) event ID 106021 "Deny UDP reverse path check from ...." messages, which we did not get before.
The virtual MAC of the Strongswan outside interface is: 01:00:5E:37:33:10
I have the "Anti Spoofing" feature of the ASA enabled on the affected interface.
Weird thing is, only the Standby ASA logs those messages, the Active does not log any error. Also it seems that everything with the Strongswan VPN is working fine.
Any ideas, or do I need to surpress those error messages or disable Anti Spoofing?
We did not get this error with the old ASA and the old software. We migrated the whole old configuration.
Thanks
Patrick