ip verify reverse-path interface inside and outside???
I'm currently trying to troubleshoot an issue I have with my ASA5505 for my home office network. Do you guys recommend having "ip verify reverse-path interface" enabled on both inside and outside? The issue I'm trying to troubleshoot is located at the link below. Let me know what you guys think.
Re: ip verify reverse-path interface inside and outside???
Leo, the ip verify reverse-path interface is disabled by default. I personally recommend having this feature enabled. I have this enabled on all of our PIX515s' interfaces and would do it on ASA5500s, but the reason for it is to provide more security even from within on medium/large internal networks.
This is what this command does, and I quote from the link below:
Unicast RPF guards against IP spoofing (a packet uses an incorrect source IP address to obscure its true source) by ensuring that all packets have a source IP address that matches the correct source interface according to the routing table.
On your other thread, have you checked the Cisco bug tools for your code? Try creating a timeline of when this issue began and what was done on the firewall or by your ISP provider. If this happens every 30 days, it seems to me it could be your cable modem. When you lose connectivity, have you tried rebooting the cable modem to see if the ASA re-establishes connectivity? Systematically troubleshoot the problem and narrow it down. For example, if you have a spare switch or mini hub, connect the cable modem to the hub and the ASA outside interface to the hub. When you lose connectivity, disconnect the ASA outside interface from the hub and use a laptop configured with the ASA outside interface IP and DNS IP and see if you can get out. This has to be done when the connection is disrupted. If you suspect it is the ip verify reverse-path interface, then disable it when the connection is disrupted and see if the ASA resumes connectivity, and re-enable it again when done. This way you could start eliminating suspected points of failure.
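A simplified model of the check described in the quoted definition, added here as an example (it is not from either post or from Cisco). The routing table, addresses and function names are constructed; the point is to show which spoofed packets are caught with the check on the outside interface only versus on both inside and outside.

```python
import ipaddress

# Constructed routing table for a small home-office firewall (assumed values).
ROUTES = [
    ("192.168.1.0/24", "inside"),   # connected inside LAN
    ("203.0.113.0/30", "outside"),  # connected ISP link
    ("0.0.0.0/0", "outside"),       # default route
]
TABLE = [(ipaddress.ip_network(net), ifc) for net, ifc in ROUTES]

def route_interface(addr):
    """Longest-prefix match: the interface the table would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in TABLE if ip in net]
    return max(matches)[1] if matches else None

def urpf_permits(src, ingress, enabled_on):
    """Permit only if the source routes back out the interface it arrived on."""
    if ingress not in enabled_on:
        return True  # check is not enabled on this interface
    return route_interface(src) == ingress

def evaluate(packets, enabled_on):
    """Return (source, ingress, verdict) for each packet."""
    return [
        (src, ifc, "permit" if urpf_permits(src, ifc, enabled_on) else "drop")
        for src, ifc in packets
    ]

# Constructed sample packets: (source address, ingress interface).
PACKETS = [
    ("192.168.1.10", "inside"),   # legitimate inside host
    ("198.51.100.7", "inside"),   # inside host using a source it does not own
    ("198.51.100.7", "outside"),  # ordinary Internet source
    ("192.168.1.10", "outside"),  # inside address arriving from outside
]

if __name__ == "__main__":
    for enabled in ({"outside"}, {"inside", "outside"}):
        print("check enabled on:", sorted(enabled))
        for src, ifc, verdict in evaluate(PACKETS, enabled):
            print(f"  {src:<14} via {ifc:<8} {verdict}")
```

With the check on outside only, the inside host using a foreign source address is still forwarded; enabling it on inside as well drops that packet too.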