Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS 11500 + IP SPoofing trouble with inbound connections

Hello, may be I've posted in wrong brunch,if it true, move it please to the necessary one. Sorry for my English :)

I have Cisco CSS 11500 and caching server that can spoof IP's. Network scheme and configs are as described in

From clients computer webbrowsing works normal , but when there is need in inbound connetion here is problem. After some troubleshoting i have noticed that from some ip's i can ping clients computers but from others I can't even if they are in one network /24 ... this is because ip routing

ip route 1

ip route 1

SO Css is trying to balance load to two links BUT only one link is to clients! (other is to caching server).

How can i resolve this problem??? If i write metric on route to cache server bigger than to clients then this scheme can't work...


Re: CSS 11500 + IP SPoofing trouble with inbound connections

Many network attacks rely on an attacker that falsifies, or spoofs, the source addresses of IP datagrams. Some attacks rely on spoofing in order for the attack to work. Other attacks are much harder to trace if the attackers can use the address of someone else instead of their own address. Therefore, to prevent spoofing wherever it is feasible is valuable for network administrators.

Antispoofing should be done at every point in the network where it is practical. But antispoofing is usually both easiest to do and most effective at the borders between large address blocks or between domains of network administration. Antispoofing on every router in a network is usually impractical because determination of which source addresses can legitimately appear on any given interface is difficult.

For Improve security on CSS 11500 click this link.

New Member

Re: CSS 11500 + IP SPoofing trouble with inbound connections

Have you read my question????or may be only subject?? please read it once more because my question is not about IP Spoofing Attacks...