"One computer in the field that VPNs into us is CONSTANTLY sending these messages in the log."
What do you mean by this?
The computer X has an ip address of 10.10.10.150 (DHCP from VPN connection) for example and connecting through a Router/VPN appliance at 10.10.10.165 and routes to your internal network. From there, he accesses your file server at 10.10.10.250 and you see in your logs,
- Traffic being blocked from 10.10.10.150 (computer X) to 10.10.10.250 (file server).
If this is the case, than one of a few possible things, first the VPN'ing machine has IPv6 broadcast (not likely).
Second, the network that he is connecting (his ISP) is using IPv6 in their back end network to route over the "cloud"
Third, your router/firewall/VPN appliance has IPv6 passthrough enabled.
Fourth, your ISP is using some IPv6 for their backend and you have not been informed (not likely either).
Just a few possible probabilities.
Most likely culprit is your router/firewall/VPN appliance, in my opinion.
Symantec? Paul? Anyone have any insight on this?