[c-nsp] Cisco 2620 and Pix 515E Config help please
Gert Doering
gert at greenie.muc.de
Fri Apr 8 17:38:05 EDT 2005
hi,
On Thu, Apr 07, 2005 at 04:53:36PM -0400, Richard Danielli wrote:
> ip verify unicast reverse-path
> seems a bit redundant on a single path :)
Please re-read the docs on what this command *does*. It's a very good
idea, because it brings automatic (and fast) anti-source-spoofing filters.
In this specific context, it prevents people on the WAN side sending
packets with an IP address claiming to be from the LAN side (thus
circumventing firewall filters, etc.)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list