05-21-2022 06:57 AM
Hello,
I want to enable reverse-path (URPF) on Cisco ASA where all my firewalls are in Active-standby mode.
We have default route configured towards outside interface.
I would like to know where I need to enable URPF? Inside or outside or both interfaces?
Also, will it cause any issues after implementation under the above-mentioned scenario?
05-21-2022 07:11 AM
https://www.danpol.net/cisco/firewalls/asa-unicast-reverse-path-forwarding-urpf/
Check this link for some info about uRPF.
05-21-2022 07:18 AM
Also, in my scenario we have 2 upstream edge routers. So if there is any asymmetric routing on the edge, will it impact the prod environment? My firewalls are in Active-standby mode but downstream of the routers.
05-21-2022 07:31 AM
Does the downstream router have static routes? If yes, then they ALWAYS point to the active ASA.
If you want to use both ASAs, use contexts; this makes the ASA Active/Active.
05-21-2022 08:23 AM
General rule of thumb: You can enable it on every interface where you never will see a source address that doesn't match the routing table. When you only have one ISP connected, you can enable it typically on all interfaces. If you have two (or more) ISPs connected, you can enable it on all non-outside-interfaces.
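The rule of thumb in the last reply, as an added example that is not part of the original thread: a simplified model of a strict reverse-path check, run against a single-ISP and a dual-ISP routing table. The interface names (`outside`, `inside`, `isp1`, `isp2`), the routes and the addresses are constructed for illustration, and the dual-ISP table assumes only the primary default route is installed.

```python
import ipaddress

def egress_interface(routes, addr):
    """Longest-prefix match: interface the routing table would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permits(routes, urpf_ifaces, ingress, src):
    """Strict check: on a uRPF-enabled interface, the route back to src
    must point out of the interface the packet arrived on."""
    if ingress not in urpf_ifaces:
        return True  # uRPF not enabled on this interface, source is not checked
    return egress_interface(routes, src) == ingress

def evaluate(routes, urpf_ifaces, packets):
    """Return {(ingress, src): permitted} for each (ingress, src) pair."""
    return {(i, s): urpf_permits(routes, urpf_ifaces, i, s) for i, s in packets}

# Constructed routing tables (hypothetical names, documentation address ranges).
SINGLE_ISP = [("0.0.0.0/0", "outside"), ("10.1.0.0/16", "inside")]
# Two ISPs: only the primary default route (isp1) is in the table.
DUAL_ISP = [("0.0.0.0/0", "isp1"), ("10.1.0.0/16", "inside")]

# Constructed packets as (ingress interface, source address).
SINGLE_PACKETS = [
    ("outside", "203.0.113.9"),  # Internet host, matches the default route
    ("outside", "10.1.5.5"),     # inside source arriving on outside
    ("inside", "10.1.5.5"),      # genuine inside host
    ("inside", "192.0.2.77"),    # inside host using a source it does not own
]
DUAL_PACKETS = [("isp2", "203.0.113.9")]  # return traffic arriving via second ISP

if __name__ == "__main__":
    print("single ISP, uRPF on all interfaces:")
    for key, ok in evaluate(SINGLE_ISP, {"outside", "inside"}, SINGLE_PACKETS).items():
        print("  ", key, "permit" if ok else "drop")
    print("dual ISP, uRPF on all interfaces:")
    print("  ", evaluate(DUAL_ISP, {"isp1", "isp2", "inside"}, DUAL_PACKETS))
    print("dual ISP, uRPF on inside only:")
    print("  ", evaluate(DUAL_ISP, {"inside"}, DUAL_PACKETS))
```

With one ISP the default route satisfies the check for any Internet source on `outside`, so only mismatched sources are dropped; with two ISPs, enabling the check on the second outside interface drops legitimate traffic that arrives there.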