Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASDM 6.1 and Antispoofing

We recently upgraded to ASDM 6.1 and IOS 8.04 on a ASA 5520. I noticed while poking around the ASDM that under Firewall-->Advanced-->AntiSpoofing that the interfaces say that Antispoofing is not enabled.

I thought on these Cisco ASA's that antispoofing is on by default. Is this feature related to something else. Any information would really help.

1 REPLY
Silver

Re: ASDM 6.1 and Antispoofing

The feature is disabled by default and you have to enable then same when required.Antispoofing capabilities deployed throughout the network can reduce the likelihood of spoofed packet exploitation as well as aid in attack traceback.Antispoofing protection in the form of unicast Reverse Path Forwarding (uRPF) can provide limited mitigation if properly configured. This feature should not be relied upon to provide 100% mitigation since spoofed packets may still enter the network from the interface expected by uRPF. Care must be taken to ensure that the appropriate uRPF mode (loose or strict) is configured to ensure that legitimate packets are not dropped.

741
Views
0
Helpful
1
Replies