04-02-2015 07:50 PM - edited 03-11-2019 10:43 PM
Hello,
I have a Cisco 5550-X with
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
options configured.
There are no ACLs configured either.
IPv4 traffic flows fine, but I'm having trouble with IPv6. (OSPFv3 is not forming an adjacency either.)
Below is the output of a packet-tracer command using the IPv6 addresses. All phases show Result: ALLOW; however, the end result is
Drop-reason: (acl-drop) Flow is denied by configured rule.
Any ideas?
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffce194060, priority=13, domain=capture, deny=false
hits=24571, user_data=0x7fffcd988be0, cs_id=0x0, l3_type=0x0
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
input_ifc=outside, output_ifc=any
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcd889350, priority=1, domain=permit, deny=false
hits=9, user_data=0x0, cs_id=0x0, l3_type=0xdd86
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=outside, output_ifc=any
Phase: 3
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop x:x:x:x:x:x:x:x using egress ifc identity
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcda945b0, priority=120, domain=permit, deny=false
hits=8, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=58
src ip/id=::/0, icmp-type=0, tag=any
dst ip/id=::/0, icmp-code=0, tag=any
input_ifc=outside, output_ifc=identity
Phase: 5
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcd2ad210, priority=0, domain=nat-per-session, deny=true
hits=9, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0
src ip/id=::/0, port=0, tag=any
dst ip/id=::/0, port=0, tag=any
input_ifc=any, output_ifc=any
Phase: 6
Type: CLUSTER-REDIRECT
Subtype: cluster-redirect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcd889c60, priority=208, domain=cluster-redirect, deny=false
hits=9, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=::/0, port=0, tag=any
dst ip/id=::/0, port=0, tag=any
input_ifc=outside, output_ifc=identity
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcda94ee0, priority=66, domain=inspect-icmp, deny=false
hits=9, user_data=0x7fffcd965ac0, cs_id=0x0, use_real_addr, flags=0x0, protocol=58
src ip/id=::/0, icmp-type=0, tag=any
dst ip/id=::/0, icmp-code=0, tag=any
input_ifc=outside, output_ifc=identity
Phase: 8
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffcda95540, priority=66, domain=inspect-icmp-error, deny=false
hits=9, user_data=0x7fffcd9648e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=58
src ip/id=::/0, icmp-type=0, tag=any
dst ip/id=::/0, icmp-code=0, tag=any
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
04-03-2015 07:19 AM
Hi,
I would not rely on the packet tracer for the to-the-box traffic and would instead apply the IPv6 captures on the interface which is trying to form the neighborship.
Thanks and Regards,
Vibhor Amrodia
04-07-2015 04:10 PM
Hi Vibhor,
I was already doing packet captures, but I wasn't seeing any traffic destined for the OSPF multicast addresses, so I was wondering what kind of issue it might be.
The topology was actually a VIRL lab that had the NX-OS reference image between the ASA and the router, and I think it's some kind of bug. Testing the same configs on real gear worked like a charm!
Regards,
Evelio
04-03-2015 09:28 PM
Hi,
I am not sure if this capture is for OSPFv6, because, as Vibhor said, any traffic destined for the ASA will show drop in packet tracer. For OSPFv6 neighborship issues, packet-tracer is not a good tool. As OSPFv6 uses the link-local interface address to send OSPF packets, you can rather take captures and debug to see what is going on. In captures you can match traffic between "link-local ipv6 address from source interface" to FF02::5 and ::6.
Thanks
Pranay
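Both replies make the same point: a packet-tracer run that ends at the "NP Identity Ifc" output interface is to-the-box traffic, and its acl-drop verdict is not evidence of an ACL problem. The following triage helper is an added example, not code from the thread or from Cisco: it parses packet-tracer output in the layout shown above (constructed, abridged sample embedded) and flags that pattern so the next step is an interface capture rather than an ACL hunt.

```python
import re
from typing import Dict, List

# Constructed sample (not the poster's full output), following the layout above.
SAMPLE = """\
Phase: 3
Type: ROUTE-LOOKUP
Result: ALLOW
found next-hop x:x:x:x:x:x:x:x using egress ifc identity
Phase: 4
Type: ACCESS-LIST
Result: ALLOW
Result:
input-interface: outside
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
# "Key: value" header lines only; rule-dump lines (id=..., src ip/id=...) do not match.
KV = re.compile(r"^([A-Za-z][A-Za-z-]*(?: [A-Za-z]+)?):\s*(.*)$")


def parse_packet_tracer(text: str) -> Dict:
    """Split packet-tracer output into per-phase dicts plus the final verdict."""
    phases: List[Dict[str, str]] = []
    final: Dict[str, str] = {}
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if line.strip() == "Result:":           # bare "Result:" opens the summary block
            current = final
            continue
        m = KV.match(line)
        if m and m.group(1) == "Phase":
            current = {"phase": m.group(2), "notes": ""}
            phases.append(current)
        elif m:
            current[m.group(1).lower()] = m.group(2)
        else:                                   # free text such as the next-hop line
            current["notes"] = current.get("notes", "") + line + "\n"
    return {"phases": phases, "final": final}


def triage(report: Dict) -> str:
    """Separate a real ACL deny from the to-the-box artifact described in the thread."""
    final, phases = report["final"], report["phases"]
    acl_drop = final.get("action") == "drop" and final.get("drop-reason", "").startswith("(acl-drop)")
    to_the_box = final.get("output-interface") == "NP Identity Ifc" or any(
        "egress ifc identity" in p["notes"] for p in phases)
    if acl_drop and to_the_box and all(p.get("result") == "ALLOW" for p in phases):
        return "to-the-box traffic: verify with interface captures, not packet-tracer"
    if acl_drop:
        return "acl-drop: review the access-lists on the input interface"
    return "allowed"
```

Feed it the full output of `packet-tracer` (for example via `show` output saved to a file) and act on the returned string; the sample above classifies as the to-the-box case.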