Deny TCP reverse path check from Outside IP to NAT IP
This weekend I cut over our primary Internet connection to our new ISP. Our old ISP gave us just a X.X.X.X/27 block, but the new ISP gave me a Y.Y.Y.Y/29 to use with my Layer 3 equipment and a Z.Z.Z.Z/27 to use for NAT pool. I have everything all set up and working, except now I see some messages in the logs that say:
Deny TCP reverse path check from Y.Y.Y.Y to Z.Z.Z.Z on interface outside
I do have Anti-Spoofing enabled for this interface, and I wish to keep it enabled, but how do I go about letting the ASA know that these addresses aren't being spoofed, and to allow from my Public NAT IP pool? Thanks,
Hi, I want to redistribute OMP routes to BGP, i have the doubt if all of the OMP prefixes located in the local vEdge will be redistributed to BGP or just the connected+static networks located in the vEdge. Also how can i restrict some OMP prefix...
Let's say we have two routers configured as RP candidates for auto-RP: R1 - "advertising" its loopback0 interface IP address 18.104.22.168 as the RP for these groups:22.214.171.124/32126.96.36.199/32188.8.131.52/24184.108.40.206/16 R2 - "advertising" its loopback0 int...
hi,i just performed an IOS upgrade and got a report that admin can't create L2 VLANs.i noticed the 'vtp primary force' and 'vtp primary mst' was applied to one of the core switch and perhaps got lost after the upgrade.how to keep the VTP primary persisten...
Meet the Authors Event - How to Troubleshoot Network Problems with Vinit Jain
(Live event – Wednesday, February 12th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event had place on Wednesday 12th, February 2020 at 10hrs PDT ...