In an effort to protect my network from IP Spoofing, I was thinking about applying the "ip verify-reverse path" command to my inside and outside interfaces.
Just curious as to if anyone uses this command or has any other suggestions.
Absolutely you should implement this feature. I also suggest that you implement RFC 1918 filtering... blocking the 10 net, 192.168.x.x, and 172.16 - 172.31.x.x addresses from coming into your network from the internet... these addresses should never traverse the internet... they are common sources of spoofed addresses in denial of service attacks.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.