cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1445
Views
0
Helpful
2
Replies

deny udp reverse path check after cloning VM

h.dam
Level 1
Level 1

Hello,

On my ASA 5525-X, this message "Deny udp reverse path check on interface x" annoyed me very much each time after deleting and then reinstallating the VMs.

It happened between v-management hosts and vcenter host.

The workaround is: clear route all on ASA.

Removing ip reverse path command line on interface is another solution but I'd like to protect my networks behind the firewall.

 

My questions are:

1) It seems to me an arp issue but clear arp command didn't give effect. Only clear route command is working. I checked the routes using ping and traceroute showing no issue. Anyone can explain why?

2) I also doubted if something changed on cloning VM but I checked the arp table on ASA => no change

 

Someone has this experience?

 

Thank you in advance.

2 Replies 2

steven_dolan7
Level 1
Level 1

Do you know why the Address is failing URPF in the first place? 

 

Is the route to the host on an incorrect interface?

 

 

Hello,

The route to the host is on the correct interface.

I've checked the route using SHOW ROUTE on the FW and TRACEROUTE on a laptop.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: