[c-nsp] Cisco ASA Unicast RPF and GRE
Ivan
cisco-nsp at itpro.co.nz
Wed Feb 20 02:45:14 EST 2008
I suspect my ASA is performing Unicast RPF filtering on the GRE
encapsulated packets passing through it - i.e. looking into the packet
that the GRE header is encapsulating. Has anyone else come across this?
I get the following log message
%ASA-1-106021: Deny GRE reverse path check from x.x.x.x to y.y.y.y on
interface xxxx
x.x.x.x and y.y.y.y are both directly connected to the ASA and are the
GRE tunnel source and destination addresses so I don't see how there
could be any confusion as to where these addresses are. The addresses
in the header of the packet that GRE encapsulates is another story and
thus I suspect the ASA may be looking into the GRE packets payload.
ASA5520 running 7.2
Thanks
Ivan
More information about the cisco-nsp
mailing list