https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074413#M914578 <HTML><HEAD></HEAD><BODY><P>You are very wellcome, please rate helpful posts.</P><P></P><P>Rgds</P><P>Jorge</P></BODY></HTML> Wed, 13 Aug 2008 16:17:16 GMT JORGE RODRIGUEZ 2008-08-13T16:17:16Z https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074410#M914560 <P>I'm in the process of setting up 2 ASA 5510 with Active/Standby Failover. I'm in the process of testing right now. I have a question about the Anti-spoofing feature. I've done some reading and got some mixed suggestions. Should just be turned on my outside and 2 DMZ interfaces so that RPF can be done on a sourced IP address? Or is this only done on the Inside interface which is where I want everthing protected?</P> Mon, 11 Mar 2019 13:30:45 GMT https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074410#M914560 kareem.afifi 2019-03-11T13:30:45Z https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074411#M914562 <HTML><HEAD></HEAD><BODY><P>You should have RPF on DMZ interfaces enabled as well, it also provides additional protection even if enabled on the inside interface as well. In fact RFP is used as best practice for security even from within your inside network, is not a requirement though for inside network devices. Personally I do have all interfaces on of our firewalls configured for RPF checks. </P><P></P><P>Cisco Guide to Harden Cisco IOS Devices</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml</A></P><P></P><P>Understanding Unicast Reverse Path Forwarding </P><P><A class="jive-link-custom" href="http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html" target="_blank">http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html</A></P><P></P><P></P><P>Rgds</P><P>Jorge</P></BODY></HTML> Wed, 13 Aug 2008 15:29:13 GMT https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074411#M914562 JORGE RODRIGUEZ 2008-08-13T15:29:13Z https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074412#M914572 <HTML><HEAD></HEAD><BODY><P>Thanks Jorge</P></BODY></HTML> Wed, 13 Aug 2008 15:59:05 GMT https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074412#M914572 kareem.afifi 2008-08-13T15:59:05Z https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074413#M914578 <HTML><HEAD></HEAD><BODY><P>You are very wellcome, please rate helpful posts.</P><P></P><P>Rgds</P><P>Jorge</P></BODY></HTML> Wed, 13 Aug 2008 16:17:16 GMT https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074413#M914578 JORGE RODRIGUEZ 2008-08-13T16:17:16Z https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074414#M914585 <HTML><HEAD></HEAD><BODY><P>done</P></BODY></HTML> Wed, 13 Aug 2008 16:18:02 GMT https://community.cisco.com/t5/network-security/asa-spoofing/m-p/1074414#M914585 kareem.afifi 2008-08-13T16:18:02Z