08-16-2013 04:42 AM - edited 03-11-2019 07:26 PM
Hi,
If we enable unicast RPF on ASA 5585X, does it mean IP spoofing is enabled? How do we verify this?
Are there any other anti-spoofing mechanisms available in this firewall?
Thanks in advance!
08-16-2013 04:52 AM
Hi,
You use the following command:
ip verify reverse-path interface
It will mean that, in addition to the normal route lookup with regards to the destination IP address, the ASA will also check its routing table for the source IP address. If it doesn't find a route for the source IP address through the interface on which the packet entered, it will drop it.
After enabling the above command for some interface, you can use the following command to verify the statistics:
show ip verify statistics
The ASA will also generate log messages for these dropped packets.
- Jouni
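A small model of the reverse-path check described in the answer above, added here as an illustration; it is not part of the original thread and is not ASA code. The routing table, interface names and packets are constructed assumptions, chosen to show that a default route on `outside` lets Internet sources pass there while an internal source address arriving on `outside` is dropped.

```python
import ipaddress

# Constructed routing table (assumption): (prefix, interface the route points out of).
ROUTES = [
    ("0.0.0.0/0", "outside"),      # default route towards the Internet
    ("10.1.0.0/16", "inside"),     # internal networks
    ("192.168.50.0/24", "dmz"),
]

def best_route(routes, address):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(address)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def rpf_check(routes, src, ingress_if):
    """Strict reverse-path check: the best route back to src must point
    out of the interface the packet arrived on."""
    route = best_route(routes, src)
    if route is None:
        return "drop", "no route to source"
    net, ifc = route
    if ifc != ingress_if:
        return "drop", f"source routes via {ifc} ({net}), not {ingress_if}"
    return "pass", f"source routes via {ifc} ({net})"

# Constructed packets: (source address, interface it arrived on).
PACKETS = [
    ("10.1.4.20", "inside"),      # legitimate internal host
    ("10.1.4.20", "outside"),     # internal address arriving from outside
    ("198.51.100.7", "outside"),  # Internet host, covered by the default route
    ("198.51.100.7", "inside"),   # foreign source on the inside interface
    ("192.168.50.9", "inside"),   # DMZ address arriving on inside
]

def evaluate(routes=ROUTES, packets=PACKETS):
    """Return (src, ingress, verdict, reason) for every sample packet."""
    return [(src, ifc) + rpf_check(routes, src, ifc) for src, ifc in packets]

if __name__ == "__main__":
    for src, ifc, verdict, reason in evaluate():
        print(f"{src:<14} in={ifc:<8} {verdict:<5} {reason}")
```
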
08-16-2013 04:55 AM
Thanks. Do we have any other anti-spoofing mechanisms available in ASA?
08-16-2013 05:04 AM
Hi,
Here is a document, even though it is a somewhat older one.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml
Also, you could take a look at this discussion (I have not read it through myself, but it seems to relate to the subject).
https://supportforums.cisco.com/thread/2152269
It seems the ASA Configuration Guide doesn't provide that much specific information in itself.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/protect_tools.html
- Jouni