Deny IP Spoofing - ASA

jag_lin84 — Mon, 11 Mar 2019 16:23:41 GMT

Hi all,

Currently i am running a Cisco ASA v8.0 IOS w/ UR license.

I have a web server running behind the ASA (In the DMZ network) and an inside network (with access to the internet).

I do run a host -monitoring software which polls the corporate website on my company.

However recently, i noticed that the PCs within the inside network are not able to access the corporate website.

Upon checking up the logs, this is what i get :

Deny IP spoof from (203.X.X.X) to 58.X.X.X on interface outside

The 203.X.X.X is my legitimate WAN address for those in the inside network where as 58.X.X.X would refer to the WAN IP for the corp web.

This is affecting me from monitoring the status of my corp web.

Other users with other IPs are able to view my website with no issues. Is there any way i can stop the ASA from denying the legitimate IP?

It worked fine previously but it started having problems ever since i tried to implement a web application firewall.

I have since removed the web app firewall and rolled - backed to the previous network configuration, but starting having this problem ever since then.

Your help is very much appreciated!

Thanks!

Re: Deny IP Spoofing - ASA

dhananjoy chowdhury — Wed, 07 Oct 2009 07:12:10 GMT

It seems the packets from the subnet 203.X.X.X are not coming to the correct interface on the ASA.

The route for the subnet 203.X.X.X on the ASA is on some other interface.

Re: Deny IP Spoofing - ASA

uzair syed naveed — Wed, 07 Oct 2009 10:26:59 GMT

use this command in your configuration...

" ip verify reverse-path interface outside "

This command help to prevent ip spoofing attacks arising from the outside interface.

topic Re: Deny IP Spoofing - ASA in Network Security

Deny IP Spoofing - ASA

Re: Deny IP Spoofing - ASA

Re: Deny IP Spoofing - ASA