The ASA can be configured to drop IPv6 headers with routing-type 0 using the MPF.
Choose the correct configuration.
A.
The correct configuration to drop IPv6 headers with routing-type 0 using the MPF on the ASA is:
A. policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log
Here is a detailed explanation of why option A is the correct answer, and why the other options are incorrect:
Option A: policy-map type inspect ipv6 IPv6_PMAP match header routing-type eq 0 drop log
This configuration creates an IPv6 policy-map named "IPv6_PMAP" of type inspect, which matches any IPv6 traffic with a routing-type header equal to 0, and drops it. The "log" keyword enables logging of dropped packets.
Option B: policy-map type inspect icmpv6 ICMPv6_PMAP match header routing-type eq 0 drop log
This configuration creates an ICMPv6 policy-map named "ICMPv6_PMAP" of type inspect, which matches any ICMPv6 traffic with a routing-type header equal to 0, and drops it. However, this option only matches ICMPv6 traffic, not all IPv6 traffic, so it is not a correct answer.
Option C: policy-map type inspect ipv6-header HEADER_PMAP match header routing-type eq 0 drop log
This configuration creates an IPv6-header policy-map named "HEADER_PMAP" of type inspect, which matches any IPv6 traffic with a routing-type header equal to 0, and drops it. However, this option only matches the IPv6 header, not the entire packet, so it is not a correct answer.
Option D: policy-map type inspect http HEADER_PMAP match routing-header 0 drop log
This configuration creates an HTTP policy-map named "HEADER_PMAP" of type inspect, which matches any HTTP traffic with a routing-header equal to 0, and drops it. However, this option only matches HTTP traffic, not all IPv6 traffic, so it is not a correct answer.
Option E: policy-map type inspect ipv6 IPv6_PMAP match header type 0 drop log
This configuration creates an IPv6 policy-map named "IPv6_PMAP" of type inspect, which matches any IPv6 traffic with a header type equal to 0, and drops it. However, "type" is not a valid keyword for matching IPv6 headers, so this option is not a correct answer.
Option F: policy-map type inspect ipv6-header HEADER_PMAP match header type 0
This configuration creates an IPv6-header policy-map named "HEADER_PMAP" of type inspect, which matches any IPv6 traffic with a header type equal to 0, but it does not specify what action should be taken, so it is not a correct answer.