I have a problem with "ip verify reverse-path interface inside".
We have a very restricted admin-network, where we have the admin-interfaces of several servers, firewalls and other network stuff. The perimeter firewall to the outside (ASA5580 8.2) also has its management-interface (management-only) in this admin-network. When we then sometimes have traffic from this admin-network via another firewall through the perimeter firewall, the traffic is blocked because of the reverse-path check.
The perimeter firewall has an interface in the admin-network and is getting that traffic on the inside interface. This traffic is blocked although the management-interface is management-only. Of course I could make the perimeter firewall the admin-network firewall, but I don't like that, because our admin-network is specially secured and a separate physical infrastructure.
Is there a possibility to selectively disable the reverse check for the admin-network or to ignore the whole management-interface for all the routing stuff?
Internet ------ Firewall ------------- inside
| T T T
tnx Joerg Vreemann