ip verify unicast reverse-path

Answered Question
Jan 7th, 2009

On a router and ASA firewall, should RPF be enabled on all the given interfaces.

I have this problem too.
0 votes
Correct Answer by mikegrous about 7 years 9 months ago

This is my understanding as well.

Correct Answer by Jon Marshall about 7 years 9 months ago

You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
mikegrous Wed, 01/07/2009 - 08:29

typically youd only apply it on your WAN interface as you should be trusting your LAN routes

cisco_lite Wed, 01/07/2009 - 11:52

What is difference between

ip verify unicast reverse-path


ip verify unicast source reachable-via any

What is the default Unicast RPF mode; loose or strict.


mikegrous Wed, 01/07/2009 - 11:55

In reguard to the first question:

R8(config-if)#ip verify unicast ?

reverse-path Reverse path validation of source address (old command format)

source Validation of source address

cisco_lite Wed, 01/07/2009 - 12:12

From this I understand that both of the above commands have the same effect, where in reverse-path is an old command.

Please confirm.


This Discussion