As this command is for additional security, I'm wondering why it is disabled by 'default' on the ASA. The only reason I see is that 'interface' names are not standard (they can be named anything). If not, are there any cons of using this command?
Thanks in advance.
It is an anti-spoofing mechanism that (if applied in all the internet routers and layer 3 devices) would prevent spoofing from scratch. The main issue is that some people have routes like 10.0.0.0 255.0.0.0 pointing to the inside when what they actually have is just a /24 network; that would make any packet with a source of 10.x.x.x coming from any other interface (or the interface specified) be blocked by the ASA.
However, if you know which networks should come from which interfaces, there is no problem turning it on.
Hope it helps.
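To make the caveat in the answer concrete, here is an added example (not from this thread or from Cisco) that models the strict reverse-path check in Python: a packet passes only if the route back to its source address points out the interface the packet arrived on. The routing table, interface names and packets are constructed for the illustration; they reproduce the situation described above, where an over-broad 10.0.0.0/8 route pointing inside causes legitimate 10.x traffic on another interface to be dropped until a more specific route is added.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface). Deliberately carries the
# problem from the answer: 10.0.0.0/8 points inside although only 10.1.1.0/24
# actually lives there, while 10.200.0.0/16 really sits behind the dmz interface.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "outside"),
    (ipaddress.ip_network("10.0.0.0/8"), "inside"),
    (ipaddress.ip_network("192.168.50.0/24"), "dmz"),
]

# Same table after the fix the answer implies: tell the ASA which networks
# really come from which interface with specific routes.
FIXED_ROUTES = ROUTES + [
    (ipaddress.ip_network("10.1.1.0/24"), "inside"),
    (ipaddress.ip_network("10.200.0.0/16"), "dmz"),
]


def lookup_interface(ip, routes=ROUTES):
    """Longest-prefix match: the interface the device would use to reach ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def strict_urpf_check(src_ip, ingress_iface, routes=ROUTES):
    """Strict reverse-path forwarding check (the behaviour of
    'ip verify reverse-path interface <name>'): pass only if the reverse route
    to the source address leaves via the interface the packet came in on."""
    return lookup_interface(src_ip, routes) == ingress_iface


def evaluate(packets, routes=ROUTES):
    """Apply the check to (source_ip, ingress_interface) pairs."""
    return [
        (src, iface, "pass" if strict_urpf_check(src, iface, routes) else "DROP")
        for src, iface in packets
    ]


# Constructed sample packets.
PACKETS = [
    ("10.1.1.25", "inside"),     # genuine inside host
    ("10.1.1.25", "outside"),    # inside address arriving from the internet: spoofed
    ("10.200.3.4", "dmz"),       # genuine dmz host, but the /8 route says "inside"
    ("203.0.113.9", "outside"),  # ordinary internet source, matched by default route
]

if __name__ == "__main__":
    print("With the over-broad 10.0.0.0/8 route:")
    for row in evaluate(PACKETS):
        print("  %-14s on %-8s -> %s" % row)
    print("With specific routes per interface:")
    for row in evaluate(PACKETS, FIXED_ROUTES):
        print("  %-14s on %-8s -> %s" % row)
```

Running it shows the 10.200.3.4 packet from dmz being dropped under the first table (the false positive the answer warns about) and passing once a /16 route for that network points at dmz, while the spoofed 10.1.1.25 from outside is dropped in both cases. That is the trade-off in one picture: the check is only as accurate as the routing table, so audit which prefixes point at which interface before enabling it.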