01-07-2009 08:24 AM - edited 03-06-2019 03:17 AM
On a router and ASA firewall, should RPF be enabled on all the given interfaces.
Solved! Go to Solution.
01-07-2009 08:34 AM
You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -
http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html#wp1042716
Jon
01-07-2009 12:14 PM
This is my understanding as well.
01-07-2009 08:29 AM
typically youd only apply it on your WAN interface as you should be trusting your LAN routes
01-07-2009 08:34 AM
You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -
http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html#wp1042716
Jon
01-07-2009 11:52 AM
What is difference between
ip verify unicast reverse-path
and
ip verify unicast source reachable-via any
What is the default Unicast RPF mode; loose or strict.
Regards.
01-07-2009 11:55 AM
In reguard to the first question:
R8(config-if)#ip verify unicast ?
reverse-path Reverse path validation of source address (old command format)
source Validation of source address
01-07-2009 12:12 PM
From this I understand that both of the above commands have the same effect, where in reverse-path is an old command.
Please confirm.
01-07-2009 12:14 PM
This is my understanding as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide