We recently upgraded to ASDM 6.1 and IOS 8.04 on an ASA 5520. I noticed while poking around the ASDM that under Firewall-->Advanced-->AntiSpoofing the interfaces say that Antispoofing is not enabled.
I thought on these Cisco ASAs that antispoofing is on by default. Is this feature related to something else? Any information would really help.
The feature is disabled by default and you have to enable the same when required. Antispoofing capabilities deployed throughout the network can reduce the likelihood of spoofed packet exploitation as well as aid in attack traceback. Antispoofing protection in the form of unicast Reverse Path Forwarding (uRPF) can provide limited mitigation if properly configured. This feature should not be relied upon to provide 100% mitigation since spoofed packets may still enter the network from the interface expected by uRPF. Care must be taken to ensure that the appropriate uRPF mode (loose or strict) is configured to ensure that legitimate packets are not dropped.
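
The strict/loose trade-off described in the answer above, as an added example that is not part of the original thread and does not reproduce the ASA's own implementation: a small Python model of the uRPF source check. The routing table, interface names and addresses are constructed, and treating the default route as insufficient in loose mode is an assumption of this model.

```python
import ipaddress

# Constructed routing table: (prefix, interface the route points out of).
# Interface names and prefixes are hypothetical sample values.
ROUTES = [
    ("10.1.0.0/16", "inside"),
    ("192.0.2.0/24", "dmz"),
    ("203.0.113.0/24", "partner"),   # partner network, normally reached via its own link
    ("0.0.0.0/0", "outside"),        # default route
]

def lookup(src):
    """Longest-prefix match for a source address: (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_permits(src, in_if, mode="strict"):
    """Return True if a packet with source `src` arriving on `in_if` passes uRPF."""
    route = lookup(src)
    if route is None:
        return False                  # no route back to the source at all
    net, route_if = route
    if mode == "loose":
        # Loose: any route to the source is enough, whatever the interface.
        # Assumption of this model: a default-route-only match does not count.
        return net.prefixlen > 0
    # Strict: the best route back to the source must use the arrival interface.
    return route_if == in_if

if __name__ == "__main__":
    cases = [
        ("10.1.5.9", "outside", "strict"),     # inside address seen on outside: dropped
        ("10.1.5.9", "inside", "strict"),      # forged by another inside host: still passes
        ("198.51.100.20", "outside", "strict"),# covered only by the default route: passes
        ("203.0.113.7", "outside", "strict"),  # asymmetric return path: legitimate but dropped
        ("203.0.113.7", "outside", "loose"),   # same packet passes in loose mode
        ("10.1.5.9", "outside", "loose"),      # loose mode no longer catches this spoof
    ]
    for src, in_if, mode in cases:
        verdict = "permit" if urpf_permits(src, in_if, mode) else "drop"
        print(f"{mode:6} src={src:15} in={in_if:8} -> {verdict}")
```

The second and third cases show why uRPF alone is only partial mitigation: a forged source that is routed out of the arrival interface always passes the check.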