disable Spoof detection Inside

Sep 25th, 2008

Have a PIX 515E in lab running 7.0x code. It is flooding me with IP spoof messages. How do I disable IP spoof detection on the inside interface? The addresses it claims are being spoofed are GRE tunnel endpoints that need to pass through the PIX.


I have this config running in production and don't get any spoof messages.


Thanks

suschoud Fri, 09/26/2008 - 06:33

Run:



sh run | in ip verify


You should see:


ip verify reverse-path interface inside



Do a "no"...


no ip verify reverse-path interface inside



If this does not help, maybe you can post the exact log message.


Regards,

Sushil

dmooreami Fri, 09/26/2008 - 07:00

Had spoof off on the interfaces; there was no ip verify reverse-path.


OK, here was the problem: I had static routes on the PIX that pointed to subnets on the inside that were not present on my lab router.


Example: I had a route to 192.168.99.7 but no 192.168.99.0/24 subnet. I created a loopback interface with that subnet and the spoofs that the PIX was reporting to 99.7 went away.


Seems a guy in another thread had a similar problem, but he didn't have a default route set for his outside interface.


Once I went into my lab router and created loopbacks with the 3 subnets that were being spoofed, all spoof attacking ceased.

