Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
408
Views
0
Helpful
1
Replies

ASA 5550 8.4 Anti-spoofing

Kristen Sims
Level 1
Level 1

ā€Ž06-27-2014 09:59 AM - edited ā€Ž03-11-2019 09:23 PM

I have an odd scenario but need help with anti-spoofing on my outside interface. I have a subnet of our network IPs outside my firewall that needs allowed inside. I had do disable anti-spoofing on my outside interface to allow this subnet into our network or it was seen as being spoofed and dropped. I need to get anti-spoofing enabled but I need to not have anti-spoofing used on that subnet. Help!

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

ā€Ž06-27-2014 01:03 PM

It is not possible to disable antispoofing for a select subnet as the ASA uses its routing table for these checks.  So you might want to try putting static routes to those IPs...that is if the subnet is not directly connected to the ASA.

Another thing you could do, as a work-around, is to confiugre deny rules for your LAN subnets but explicitly permit the IPs that are on the outside interface then apply that ACL to your outside interface.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card