09-25-2008 01:36 PM - edited 03-11-2019 06:49 AM
Have a PIX 515E in lab running 7.0x code. It is flooding me with IP spoof messages. How do I disable IP spoof detection on the inside interface? The addresses it claims are being spoofed are GRE tunnel endpoints that need to pass thru the PIX.
I have this config running in production and don't get any spoof messages.
Thanks
09-26-2008 06:33 AM
Run :
sh run | in ip verify
You should see :
ip verify reverse-path interface inside
Do a " no "...
no ip verify reverse-path interface inside
If this does not help, maybe you can post the exact log message.
Regards,
Sushil
09-26-2008 07:00 AM
Had spoof off on the interfaces; there was no ip verify reverse-path.
OK, here was the problem: I had static routes on the PIX that pointed to subnets on the inside that were not present on my lab router.
Example: I had a route to 192.168.99.7 but no 192.168.99.0/24 subnet. I created a loopback interface with that subnet and the spoofs that the PIX was reporting to 99.7 went away.
Seems a guy in another thread had a similar problem, but he didn't have a default route set for his outside interface.
Once I went into my lab router and created loopbacks with the 3 subnets that were being spoofed, all spoof attacking ceased.