New Member

ASA 5550 8.4 Anti-spoofing

I have an odd scenario but need help with anti-spoofing on my outside interface. I have a subnet of our network IPs outside my firewall that needs to be allowed inside. I had to disable anti-spoofing on my outside interface to allow this subnet into our network or it was seen as being spoofed and dropped. I need to get anti-spoofing enabled but I need to not have anti-spoofing used on that subnet. Help!

1 REPLY
VIP Green

It is not possible to disable antispoofing for a select subnet as the ASA uses its routing table for these checks.  So you might want to try putting static routes to those IPs...that is if the subnet is not directly connected to the ASA.

Another thing you could do, as a work-around, is to configure deny rules for your LAN subnets but explicitly permit the IPs that are on the outside interface then apply that ACL to your outside interface.

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
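
Added example, not part of the original thread and not Cisco code: a simplified Python model of a routing-table-based reverse-path check, showing why the subnet is dropped as spoofed and why a more specific static route toward the outside interface changes only that subnet's result. All prefixes, addresses and interface names are constructed for illustration, and the longest-prefix-match model is an assumption about how the check behaves.

```python
import ipaddress

def make_table(entries):
    """Turn ("prefix", "interface") pairs into a routing table."""
    return [(ipaddress.ip_network(net), ifc) for net, ifc in entries]

def best_route(table, src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def rpf_permits(table, src, ingress):
    """Reverse-path check: the best route back to the source address
    must point out of the interface the packet arrived on."""
    route = best_route(table, src)
    return route is not None and route[1] == ingress

# Constructed routing tables. The LAN is summarised as 10.1.0.0/16 behind
# "inside"; 10.1.50.0/24 is the part of that space that lives outside.
BASE = [("0.0.0.0/0", "outside"), ("10.1.0.0/16", "inside")]
WITH_STATIC = BASE + [("10.1.50.0/24", "outside")]  # more specific route

# Constructed packets: (source address, ingress interface).
PACKETS = [
    ("10.1.50.7", "outside"),     # the legitimate external subnet
    ("10.1.20.5", "outside"),     # LAN source arriving from outside: spoofed
    ("10.1.20.5", "inside"),      # ordinary LAN traffic
    ("198.51.100.9", "outside"),  # ordinary Internet source
]

def evaluate(entries):
    """Return {packet: permitted?} for the given routing entries."""
    table = make_table(entries)
    return {pkt: rpf_permits(table, *pkt) for pkt in PACKETS}

if __name__ == "__main__":
    for name, entries in (("base", BASE), ("with static route", WITH_STATIC)):
        print(name)
        for (src, ifc), ok in evaluate(entries).items():
            print(f"  {src:>14} on {ifc:<8} {'permit' if ok else 'drop'}")
```

The check itself stays enabled on the whole interface in both runs; only the route lookup result for the one subnet changes, so other LAN sources arriving on the outside interface are still dropped.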