https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895143#M157095 <P>When we have enabled Unicast RPF on Cisco ASA, The RPF drops on the outside interface keeps on increasing and we are getting many alerts. I understand that it's an expected behavior, So how we can find the logs filtered for this particular drops or any solution to bring the drops down. Kindly let me know. Thanks in advance.</P> <P></P> <P></P> <P>Thanks &amp; Regards</P> <P>Soosai Silvester</P> Tue, 12 Mar 2019 07:59:37 GMT ssilvest 2019-03-12T07:59:37Z https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895143#M157095 <P>When we have enabled Unicast RPF on Cisco ASA, The RPF drops on the outside interface keeps on increasing and we are getting many alerts. I understand that it's an expected behavior, So how we can find the logs filtered for this particular drops or any solution to bring the drops down. Kindly let me know. Thanks in advance.</P> <P></P> <P></P> <P>Thanks &amp; Regards</P> <P>Soosai Silvester</P> Tue, 12 Mar 2019 07:59:37 GMT https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895143#M157095 ssilvest 2019-03-12T07:59:37Z https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895144#M157096 <P>Assuming that you have your routing table correct you'll only be able to bring the drops down by asking attackers to stop spoofing your IP addresses.</P> Wed, 06 Jul 2016 05:09:41 GMT https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895144#M157096 Philip D'Ath 2016-07-06T05:09:41Z https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895145#M157097 <P>Hi Soosai,</P> <P></P> <P>You can use the command sh asp drop for checking the logs.</P> <P></P> <P><G class="gr_ gr_100 gr-alert gr_gramm gr_run_anim Punctuation multiReplace" id="100" data-gr-id="100">Also</G>&nbsp;check this command:</P> <P></P> <P>The <STRONG>show <G class="gr_ gr_75 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" id="75" data-gr-id="75">ip</G> verify statistics</STRONG> command can provide information about Unicast RPF statistics on a PIX/ASA/FWSM firewall. The following example shows 21 drops by Unicast RPF on the outside interface and 2738 packets dropped by Unicast RPF on the inside interface. Dropped packets should be investigated to determine their source and administrators should consider whether the packets indicate attempts to circumvent network security.</P> <BLOCKQUOTE> <PRE class="prettyprint">R4-ASA5520a# <STRONG>show ip verify statistics</STRONG> interface outside: <STRONG>21 unicast rpf drops</STRONG> interface inside: <STRONG>2738 unicast rpf drops</STRONG> interface vpn: 0 unicast rpf drops R4-ASA5520a#</PRE> </BLOCKQUOTE> <P></P> <P>More info:</P> <P>http://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html</P> <P></P> <P>To bring these errors down please check the source routing for the packets.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> <P></P> <P></P> Wed, 06 Jul 2016 05:18:49 GMT https://community.cisco.com/t5/network-security/unicast-reverse-path-on-cisco-asa/m-p/2895145#M157097 Aditya Ganjoo 2016-07-06T05:18:49Z