The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF.
Choose the correct configuration.
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.A.
The correct configuration to drop IPv6 headers with routing-type 0 using the MPF on the ASA is:
A. policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log
Here is a detailed explanation of why option A is the correct answer, and why the other options are incorrect:
Option A: policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log
This configuration creates an IPv6 policy-map named "IPv6_PMAP" of type inspect, which matches any IPv6 traffic with a routing-type header equal to 0, and drops it. The "log" keyword enables logging of dropped packets.
Option B: policy-map type inspect icmpv6 ICMPv6_PMAP match header routing-type eq 0 drop log
This configuration creates an ICMPv6 policy-map named "ICMPv6_PMAP" of type inspect, which matches any ICMPv6 traffic with a routing-type header equal to 0, and drops it. However, this option only matches ICMPv6 traffic, not all IPv6 traffic, so it is not a correct answer.
Option C: policy-map type inspect ipv6-header HEADER_PMAP match header routing-type eq 0 drop log
This configuration creates an IPv6-header policy-map named "HEADER_PMAP" of type inspect, which matches any IPv6 traffic with a routing-type header equal to 0, and drops it. However, this option only matches the IPv6 header, not the entire packet, so it is not a correct answer.
Option D: policy-map type inspect http HEADER_PMAP match routing-header 0 drop log
This configuration creates an HTTP policy-map named "HEADER_PMAP" of type inspect, which matches any HTTP traffic with a routing-header equal to 0, and drops it. However, this option only matches HTTP traffic, not all IPv6 traffic, so it is not a correct answer.
Option E: policy-map type inspect ipv6 IPv6_PMAP match header type 0 drop log
This configuration creates an IPv6 policy-map named "IPv6_PMAP" of type inspect, which matches any IPv6 traffic with a header type equal to 0, and drops it. However, "type" is not a valid keyword for matching IPv6 headers, so this option is not a correct answer.
Option F: policy-map type inspect ipv6-header HEADER_PMAP match header type 0
This configuration creates an IPv6-header policy-map named "HEADER_PMAP" of type inspect, which matches any IPv6 traffic with a header type equal to 0, but it does not specify what action should be taken, so it is not a correct answer.