Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
0
Helpful
0
Replies

ASA - IPv6 - Unicast Reverse Path Check Failure on MLD Report and Neighbor Solicitations

ldesmasures
Level 1
Level 1

‎12-23-2014 01:01 AM - edited ‎03-11-2019 10:15 PM

Hi all,

 

I just configured IPv6 (dual-stack) on an ASA in version 9.0x.

After few hours, I've seen the following messages in the logs :

Dec 22 2014 12:07:13: %ASA-1-106021: Deny IPv6-ICMP reverse path check from :: to ff02::16 on interface xxxxx
Dec 22 2014 12:07:17: %ASA-1-106021: Deny IPv6-ICMP reverse path check from :: to ff02::1:ffe8:abcd on interfacexxxx
....

 

After some researches, I found that this type of packet rely on IPv6 MLDv2 reports and Neighbor Solicitation messages from devices connected on the interface..

The source is "::" but it's a normal behavior in both cases. As described in the following RFC : http://tools.ietf.org/html/rfc3810#section-5.2.13 for MLDv2.

=> So, uRPF is dropping "normal" IPv6 multicast packets.

 

Does someone else saw this issue ?

 

I have done some searches in release notes and bug search tool and found nothing about this issue.

 

Thanks.

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card