PIX - AntiSpoofing

Unanswered Question
Nov 8th, 2009

Hi,


I want to enable antispoofing on PIX firewall by using command ip verify reverse-path.


My understanding is I need to define a default route on the PIX before I can use this command. Is that true?


Regards,

Eric

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 11/09/2009 - 07:04

That command will drop all traffic that it doesn't have a route to. The default route is where you are are expecting outside-unknown route traffic coming from. That is why you probably need a default route so you don't deny outside traffic.


Without a default route you probably will not have internet-outside access. I don't know your setup, but if you don't have it already you probably don't need it either.


I hope it helps.


PK



Actions

This Discussion