01-07-2009 08:24 AM - edited 03-06-2019 03:17 AM
On a router and ASA firewall, should RPF be enabled on all the given interfaces?
01-07-2009 08:29 AM
Typically you'd only apply it on your WAN interface, as you should be trusting your LAN routes.
01-07-2009 08:34 AM
You should generally apply it at the exit point to your network because within your network you may well have asymmetrical paths. Have a look at this doc which goes into where Unicast RPF should be used -
http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html#wp1042716
Jon
01-07-2009 11:52 AM
What is the difference between
ip verify unicast reverse-path
and
ip verify unicast source reachable-via any
What is the default Unicast RPF mode: loose or strict?
Regards.
01-07-2009 11:55 AM
In regard to the first question:
R8(config-if)#ip verify unicast ?
reverse-path Reverse path validation of source address (old command format)
source Validation of source address
01-07-2009 12:12 PM
From this I understand that both of the above commands have the same effect, wherein reverse-path is an old command.
Please confirm.
01-07-2009 12:14 PM
This is my understanding as well.
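Added example, not part of the thread and not Cisco code: a small Python model of the Unicast RPF source check, illustrating the asymmetric-path point and the loose/strict question raised above. The FIB, interface names and addresses are constructed; "strict" models the `reachable-via rx` check and "loose" the `reachable-via any` check, and ECMP and default-route handling are not modelled.

```python
import ipaddress

# Constructed FIB for a hypothetical edge router: (prefix, best-path interface).
FIB = [
    ("10.1.0.0/16", "Gi0/1"),      # internal site A
    ("10.2.0.0/16", "Gi0/2"),      # internal site B (its traffic may arrive via Gi0/1)
    ("198.51.100.0/24", "Gi0/0"),  # upstream prefix reached over the WAN link
]


def best_route(src, fib):
    """Longest-prefix match of the packet's SOURCE address against the FIB."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, interface in fib:
        network = ipaddress.ip_network(prefix)
        if addr in network:
            matches.append((network.prefixlen, interface))
    return max(matches, default=None)


def urpf_permits(src, in_if, mode, fib=FIB):
    """Return True if a packet from src arriving on in_if passes the check."""
    route = best_route(src, fib)
    if route is None:
        return False               # no route back to the source: both modes drop
    if mode == "loose":
        return True                # any route to the source is enough
    if mode == "strict":
        return route[1] == in_if   # route back must use the arrival interface
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    cases = [
        ("10.2.5.9", "Gi0/1", "legitimate host, asymmetric internal path"),
        ("10.1.0.5", "Gi0/0", "internal source address arriving on the WAN side"),
        ("198.51.100.7", "Gi0/0", "upstream host on its expected interface"),
        ("192.0.2.1", "Gi0/0", "source with no route in the FIB"),
    ]
    for src, in_if, note in cases:
        strict = urpf_permits(src, in_if, "strict")
        loose = urpf_permits(src, in_if, "loose")
        print(f"{src:<14} on {in_if}: strict={strict!s:<5} loose={loose!s:<5} ({note})")
```

The first case is the reason strict checking is usually kept off internal interfaces with asymmetric paths; the second is the spoofed-source case that strict checking on the WAN interface catches and loose checking does not.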