Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
5
Helpful
4
Replies

Enable Unicast reverse path forwarding (urpf) on Cisco ASA ?

kaus2005007
Level 1
Level 1

‎05-21-2022 06:57 AM

Hello,
I want to enable reverse-path (URPF) on Cisco ASA where all my firewalls are in Active-standby mode.

We have default route configured towards outside interface.

I would like to know where do i need to enable URPF ? Inside or outside or both interfaces ?

Also, Will it cause any issues after implementaion under above mentioned scenario ?

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎05-21-2022 07:11 AM

https://www.danpol.net/cisco/firewalls/asa-unicast-reverse-path-forwarding-urpf/

 

check this link for some info. about the uRPF

0 Helpful

kaus2005007
Level 1
Level 1

‎05-21-2022 07:18 AM

Also in my scenario we have 2 edged upstream routers, So if there is any asymmetric routing on edge will it impact on prod environment ? as my firewalls are in Active-standby mode but on downstream of routers.

MHM Cisco World
VIP
VIP
In response to kaus2005007

‎05-21-2022 07:31 AM

downstream Router have static router? if yes then they ALWAYS point to active ASA.
if you want to use both ASA use context this make ASA Active/Active.

0 Helpful

Karsten Iwen
VIP
VIP

‎05-21-2022 08:23 AM

General rule of thumb: You can enable it on every interface where you never will see a source address that doesn't match the routing table. When you only have one ISP connected, you can enable it typically on all interfaces. If you have two (or more) ISPs connected, you can enable it on all non-outside-interfaces.

0 Helpful
Customers Also Viewed These Support Documents