Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ip verify reverse-path interface inside and outside???

I'm currently trying to troubleshoot an issue I have with my ASA5505 for my home office network. Do you guys recommend having "ip verify reverse-path interface" enable on both inside and outside? The issue I'm trying to troubleshoot is located at the link below. Let me know what you guys think.



Re: ip verify reverse-path interface inside and outside???

Leo,theip verify reverse-path interface is disable by default,I personally recommend to have this feature enable I have this enable in all of our PIX515s interfaces and would do it on ASA5500's but the reason for if to provide more security even from within on medium/large internal networks.

This is one what this command does, and I quote from link bellow !

Unicast RPF guards against IP spoofing (a packet uses an incorrect source IP address to obscure its true source) by ensuring that all packets have a source IP address that matches the correct source interface according to the routing table.

On your other thread, have you check cisco bug tools for your code, try creating a time line when this issue began, and what was done on the firewall or your ISP provider, if this happens every 30 days it seems to me it could be your cable modem, when you loose connectivity have you tried rebooting the cable modem and see if asa re-stablish connectivity.. systematically troubleshoot the problem and norrow it down, for example, if you have a spare switch or mini hub connect cable modem to hub and ASA outside interface to hub when you loose connectivity disconnect ASA outside interface from hub and use a labtop configured with asa outside interface IP and DNS IP and see if you can get out, this has to be done when the connection is disrubted. If you suspect is the ip verify reverse-path interface then disable it when connection is disrubted and see if asa resumes connectivity, reenable it again when done.. this way you could start eliminating suspected points of failures.

Pls rate any helpful posts!



New Member

Re: ip verify reverse-path interface inside and outside???

Could this be related to hardware? Meaning a hardware issue with the ASA? I somehow think not, but what to know what someone else has to say.

CreatePlease to create content