05-31-2011 11:24 AM - edited 03-11-2019 01:40 PM
We are running PIX 535 with software version 8.02. In ASDM, I see anti-spoofing is disabled on all interfaces. If I enable it, is there any negative effect? Can I enable it on the DMZ, inside, and outside interfaces?
Thanks
06-01-2011 06:26 AM
Hello,
Assuming your routing is set up correctly on the PIX, enabling reverse path checking should not have a negative effect. This feature should only drop traffic that is received on an incorrect interface, based on the PIX's routing table (i.e. traffic sourced from one of your internal IP addresses arrives on the outside interface).
More details on what this feature does can be found here:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1839270
Hope that helps.
-Mike
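A simplified model of the reverse-path check described in the reply above, added here as an illustration (not Cisco's code and not part of the original posts). The routing table, interface names and sample packets are constructed; the model assumes a strict check where the best route back to the source must point out the interface the packet arrived on.

```python
import ipaddress

# Constructed routing table for illustration: (prefix, interface).
ROUTES = [
    ("10.1.0.0/16", "inside"),
    ("172.16.5.0/24", "dmz"),
    ("0.0.0.0/0", "outside"),  # default route
]

def build_table(routes):
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def best_route(table, addr):
    """Longest-prefix match; returns the interface name or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def rpf_check(table, src, ingress_ifc):
    """Permit only if the route back to src uses the ingress interface."""
    expected = best_route(table, src)
    if expected is None:
        return ("drop", "no route to source")
    if expected != ingress_ifc:
        return ("drop", f"source routes via {expected}, arrived on {ingress_ifc}")
    return ("permit", f"source routes via {ingress_ifc}")

TABLE = build_table(ROUTES)

# Constructed sample packets: (source address, interface it arrived on).
SAMPLES = [
    ("10.1.2.3", "inside"),      # internal host on the expected interface
    ("10.1.2.3", "outside"),     # internal address arriving from outside
    ("198.51.100.7", "outside"), # matched only by the default route
    ("198.51.100.7", "inside"),  # internal subnet the firewall has no route for
    ("172.16.5.20", "dmz"),
]

def run_samples():
    return [(src, ifc) + rpf_check(TABLE, src, ifc) for src, ifc in SAMPLES]

if __name__ == "__main__":
    for src, ifc, verdict, why in run_samples():
        print(f"{src:15} on {ifc:8} -> {verdict:6} ({why})")
```

The fourth sample shows why correct routing is the precondition: a legitimate internal subnet that the firewall only reaches via its default route would be dropped on the inside interface once the check is enabled.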
06-01-2011 07:06 AM
Thanks for your answer.
I am wondering, if that is one of the security features in the security appliance, why is it not enabled by default?