Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
0
Replies

Lots of "Deny UDP reverse path check from ...." messages on Standby unit

patoberli
VIP Alumni
VIP Alumni

‎07-25-2013 05:48 AM - edited ‎03-11-2019 07:17 PM

Hi All


We have a Strongswan cluster here which use a virtual interface which has a multicast mac address assigned.

We have replaced our old ASA 5520 with new 5585-X which now run 8.4.x instead of 8.2.x.

Now we get a LOT (more or less for every single packet) event ID 106021 "Deny UDP reverse path check from ...." messages, which we did not get before.

The virtual MAC of the Strongswan outside interface is: 01:00:5E:37:33:10

I have the "Anti Spoofing" feature of the ASA enabled on the affected interface.

Weird thing is, only the Standby ASA logs those messages, the Active does not log any error. Also it seems that everything with the Strongswan VPN is working fine.

Any ideas, or do I need to surpress those error messages or disable Anti Spoofing?


We did not get this error with the old ASA and the old software. We migrated the whole old configuration.


Thanks

Patrick

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card