Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1101
Views
0
Helpful
1
Replies

Traceroute + Antispoofing on not default route

joseluis.pedrosa
Level 1
Level 1

‎06-25-2011 12:18 PM - edited ‎03-11-2019 01:50 PM

Hi all,

I've enabled antispoof on all interfaces on asa 5510

If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.

If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.

I have ICMP inspection and icmp-error inspection enabled.

is there any way to solve this?

Labels:
0 Helpful
1 Reply 1

joseluis.pedrosa
Level 1
Level 1

‎06-25-2011 01:16 PM

Humm...

Do you really think it's a good idea to add other default route in other interface????

I'm afraid that would completely break conectivity.

I'd say youre saying there's no fix.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card