
Is there any drawback to enabling anti-spoofing on all PIX or ASA interfaces

sightlay8
Level 1

We are running PIX 535 with software version 8.02. In ASDM, I see anti-spoofing is disabled on all interfaces. If I enable it, is there any negative effect? Can I enable it on the DMZ, inside, and outside interfaces?

Thanks

2 Replies

mirober2
Cisco Employee

Hello,

Assuming your routing is set up correctly on the PIX, enabling reverse path checking should not have a negative effect. This feature should only drop traffic that is received on an incorrect interface, based on the PIX's routing table (i.e. traffic sourced from one of your internal IP addresses arrives on the outside interface).

More details on what this feature does can be found here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1839270

Hope that helps.

-Mike
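
The reverse path check described in the answer above, modeled as an added Python example (not part of the original thread and not Cisco's implementation): a packet is permitted only when the longest-prefix route back to its source address points out the interface it arrived on. The routing table, interface names and addresses are constructed for illustration; the last packet shows why the check depends on routing being set up correctly.

```python
import ipaddress

# Constructed routing table: (prefix, interface). All values are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "outside"),      # default route toward the Internet
    ("10.1.0.0/16", "inside"),     # directly attached inside network
    ("192.168.50.0/24", "dmz"),    # DMZ network
]

def best_route_interface(src, routes=ROUTES):
    """Longest-prefix match: the interface the firewall would use to reach src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rpf_check(src, ingress, routes=ROUTES):
    """'permit' if the route back to src uses the ingress interface, else 'drop'."""
    return "permit" if best_route_interface(src, routes) == ingress else "drop"

# Constructed sample packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.4.20", "inside"),     # inside host on the inside interface
    ("10.1.4.20", "outside"),    # internal source arriving on outside: spoofed
    ("203.0.113.9", "outside"),  # Internet host, covered by the default route
    ("192.168.50.7", "dmz"),     # DMZ host on the DMZ interface
    ("10.2.0.5", "inside"),      # legitimate subnet behind an inside router,
]                                # but the firewall has no route for it

def evaluate(packets=PACKETS, routes=ROUTES):
    """Run the check over every sample packet and return the verdicts."""
    return [(src, ingress, rpf_check(src, ingress, routes)) for src, ingress in packets]

if __name__ == "__main__":
    for src, ingress, verdict in evaluate():
        print(f"{src:>14} on {ingress:<8} -> {verdict}")
```

The `10.2.0.5` packet is dropped because its source only matches the default route via `outside`; adding a route for that subnet via `inside` makes the same packet pass.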

Thanks for your answer.

I am wondering, if that is one of the security features in the security appliance, why is it not enabled by default?
