04-06-2020 02:08 AM
Hi forums,
I recently discovered a strange phenomenon on one of our managed ASAs that I couldn't quite figure out.
* Hardware: 2xASA5545 running AS OS 9.8(3)29
* uRPF ist enabled via 'ip verify reverse-path interface <if>'
* cluster protocol packets are being dropped due to "Deny SCPS reverse path check from <stby-ip> to <active-ip> on interface <if>", ping packets from one node to the other are dropped for the same reason
Why does 'ip verify reverse-path' lead to this behaviour? The interface IP adresses are in a network connected to the ASAs (naturally), which correctly shows up in 'show route' output as directly connected.
Thanks a lot and best regards
Solved! Go to Solution.
04-06-2020 02:25 AM
Hi,
I remember meeting with this behaviour couple of times some years ago, it was a bug. See it hits again and most probably affects you as well, see here.
Regards,
Cristian Matei.
04-06-2020 02:25 AM
Hi,
I remember meeting with this behaviour couple of times some years ago, it was a bug. See it hits again and most probably affects you as well, see here.
Regards,
Cristian Matei.
04-06-2020 03:58 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide