This command makes the ASA check the source of a packet coming in on an interface. The firewall checks whether it has a route for the source of the packet and whether that route is through the interface where the packet came from.
That means, if the firewall has a route for 192.168.1.0/24 on interface inside and a packet with source 192.168.1.38 comes in on interface DMZ, the ASA will block it, supposing it's spoofed.
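
A small Python model of the check described above, added here as an illustration (it is not ASA code and not part of the original post). The routing table, the 172.16.0.0/24 and default routes, and the function names are constructed assumptions; the model goes slightly beyond the single case in the text by using a longest-prefix match, so it also shows how a default route satisfies the check.

```python
import ipaddress

# Constructed routing table (assumption): (prefix, interface the route points to).
ROUTES = [
    ("192.168.1.0/24", "inside"),
    ("172.16.0.0/24", "dmz"),
    ("0.0.0.0/0", "outside"),   # default route
]

def best_route(src, routes=ROUTES):
    """Longest-prefix match for the source address; None if nothing matches."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, ifc))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def rpf_check(src, in_ifc, routes=ROUTES):
    """Model of the reverse-path check: the best route back to the source
    must point out of the interface the packet arrived on."""
    route = best_route(src, routes)
    if route is None:
        return False, "no route to source"
    net, ifc = route
    if ifc != in_ifc:
        return False, f"route {net} points to {ifc}, packet arrived on {in_ifc}"
    return True, f"route {net} matches {in_ifc}"

if __name__ == "__main__":
    # Constructed sample packets: (source address, ingress interface).
    samples = [
        ("192.168.1.38", "inside"),   # legitimate inside host
        ("192.168.1.38", "dmz"),      # the spoofed case from the text
        ("203.0.113.9", "outside"),   # covered by the default route
        ("192.168.1.38", "outside"),  # inside address arriving from outside
    ]
    for src, ifc in samples:
        allowed, reason = rpf_check(src, ifc)
        print(f"{src:>14} on {ifc:<8} {'PASS' if allowed else 'DROP'}  ({reason})")
```
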