cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
245
Views
0
Helpful
0
Replies
Beginner

Deny TCP reverse path check from Outside IP to NAT IP

This weekend I cut over our primary Internet connection to our new ISP. Our old ISP gave us just a X.X.X.X/27 block, but the new ISP gave me a Y.Y.Y.Y/29 to use with my Layer 3 equipment and a Z.Z.Z.Z/27 to use for NAT pool. I have everything all set up and working, except now I see some messages in the logs that say:

Deny TCP reverse path check from Y.Y.Y.Y to Z.Z.Z.Z on interface outside

I do have Anti-Spoofing enabled for this interface, and I wish to keep it enabled, but how do I go about letting the ASA know that these addresses aren't being spoofed, and to allow from my Public NAT IP pool? Thanks,

CreatePlease to create content