Cisco Support Community

New Member

disable Spoof detection Inside

Have a PIX 515E in lab running 7.0x code. It is flooding me with IP spoof messages. How do I disable IP spoof detection on the inside interface? The addresses it claims are being spoofed are GRE tunnel endpoints that need to pass through the PIX.

I have this config running in production and don't get any spoof messages.

Thanks

2 REPLIES
Cisco Employee

Re: disable Spoof detection Inside

Run:

sh run | in ip verify

You should see:

ip verify reverse-path interface inside

Do a "no"...

no ip verify reverse-path interface inside

If this does not help, maybe you can post the exact log message.

Regards,

Sushil

New Member

Re: disable Spoof detection Inside

Had spoof off on the interfaces; there was no ip verify reverse-path.

OK, here was the problem: I had static routes on the PIX that pointed to subnets on the inside that were not present on my lab router.

For example, I had a route to 192.168.99.7 but no 192.168.99.0/24 subnet. I created a loopback interface with that subnet and the spoofs that the PIX was reporting to 99.7 went away.

Seems a guy in another thread had a similar problem, but he didn't have a default route set for his outside interface.

Once I went into my lab router and created loopbacks with the 3 subnets that were being spoofed, all spoof attacking ceased.
