ASA 5550 8.4 Anti-spoofing

Kristen Sims
Level 1

I have an odd scenario but need help with anti-spoofing on my outside interface. I have a subnet of our network IPs outside my firewall that needs to be allowed inside. I had to disable anti-spoofing on my outside interface to allow this subnet into our network or it was seen as being spoofed and dropped. I need to get anti-spoofing enabled but I need to not have anti-spoofing used on that subnet. Help!

1 Reply

It is not possible to disable antispoofing for a select subnet as the ASA uses its routing table for these checks. So you might want to try putting static routes to those IPs... that is, if the subnet is not directly connected to the ASA.

Another thing you could do, as a work-around, is to configure deny rules for your LAN subnets but explicitly permit the IPs that are on the outside interface, then apply that ACL to your outside interface.

--

Please remember to select a correct answer and rate helpful posts
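
A simplified model of the two workarounds in the reply above, added here as an illustration and not taken from the thread or from Cisco: a strict reverse-path check done by longest-prefix route lookup, and a first-match ACL on the outside interface. The addresses, interface names and function names are constructed assumptions.

```python
import ipaddress

def rpf_check(routes, src, arrival_if):
    """Strict reverse-path check: the longest-prefix route back to src
    must point out of the interface the packet arrived on."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    if not matches:
        return False  # no route back to the source: treated as spoofed
    _, best_if = max(matches, key=lambda m: m[0].prefixlen)
    return best_if == arrival_if

def acl_permits(acl, src):
    """First-match ACL evaluation with an implicit deny at the end."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action == "permit"
    return False

N = ipaddress.ip_network
# Constructed addressing (assumption): 10.1.0.0/16 is the internal range,
# 10.1.50.0/24 is the part of it that sits outside the firewall.
BASE_ROUTES = [(N("0.0.0.0/0"), "outside"), (N("10.1.0.0/16"), "inside")]
# Workaround 1: a more specific static route for that subnet via outside.
FIXED_ROUTES = BASE_ROUTES + [(N("10.1.50.0/24"), "outside")]
# Workaround 2: ACL applied inbound on outside, permit listed before the
# LAN deny (other entries of a real ACL are omitted here).
OUTSIDE_ACL = [
    ("permit", N("10.1.50.0/24")),
    ("deny", N("10.1.0.0/16")),
]

if __name__ == "__main__":
    for label, routes in (("before", BASE_ROUTES), ("after", FIXED_ROUTES)):
        for src in ("10.1.50.7", "10.1.20.9", "198.51.100.4"):
            print(label, src, "on outside ->", rpf_check(routes, src, "outside"))
    for src in ("10.1.50.7", "10.1.20.9"):
        print("acl", src, "->", acl_permits(OUTSIDE_ACL, src))
```

With the more specific route in place, the reverse-path check still drops packets arriving on outside that claim any other internal source address.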