PIX - AntiSpoofing

Unanswered Question
Nov 8th, 2009
User Badges:


I want to enable antispoofing on PIX firewall by using command ip verify reverse-path.

My understanding is I need to define a default route on the PIX before I can use this command. Is that true?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Mon, 11/09/2009 - 07:04
User Badges:
  • Cisco Employee,

That command will drop all traffic that it doesn't have a route to. The default route is where you are are expecting outside-unknown route traffic coming from. That is why you probably need a default route so you don't deny outside traffic.

Without a default route you probably will not have internet-outside access. I don't know your setup, but if you don't have it already you probably don't need it either.

I hope it helps.



This Discussion