CCNP Security Question of the Week

Which ASA feature can be used to automatically prevent the spoofing of internal source addresses from outside networks?

  1. ACLs
  2. uRPF
  3. AIP-SSM
  4. Shunning


The answer is 2.

Writing per-interface access rules on the Cisco ASA adaptive security appliance to protect against source-spoofed packets can be labor-intensive. Because the appliance already consults its routing table to determine which networks are reachable through which interface, it can use the same table to validate the source addresses of incoming packets. This technique is called Unicast Reverse Path Forwarding (uRPF). The Cisco ASA adaptive security appliance supports strict uRPF, in which a packet must arrive over the correct interface in order to be accepted.
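The strict check described above can be modelled in a few lines. This is an added illustration, not Cisco code or part of the original quiz: it performs a longest-prefix lookup on the packet's source address and accepts the packet only if the route back to that source uses the interface the packet arrived on. The routing table, interface names and sample packets are constructed for the example.

```python
import ipaddress

# Constructed routing table (prefix, interface); not taken from a real device.
ROUTES = [
    ("10.1.0.0/16", "inside"),
    ("192.168.50.0/24", "dmz"),
    ("0.0.0.0/0", "outside"),  # default route toward the Internet
]

def best_route(src, routes=ROUTES):
    """Return the interface of the longest-prefix match for src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def strict_urpf_accepts(src, ingress_iface, routes=ROUTES):
    """Strict uRPF: the route back to src must point out the ingress interface.

    A source with no route at all is rejected, because no interface matches.
    """
    route_iface = best_route(src, routes)
    return route_iface is not None and route_iface == ingress_iface

def check_packets(packets, routes=ROUTES):
    """Classify (source, ingress interface) pairs as 'accept' or 'drop'."""
    return [
        (src, iface, "accept" if strict_urpf_accepts(src, iface, routes) else "drop")
        for src, iface in packets
    ]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    ("10.1.4.20", "inside"),     # internal host on its own interface
    ("10.1.4.20", "outside"),    # internal source arriving from outside: spoofed
    ("203.0.113.9", "outside"),  # Internet host, covered by the default route
    ("192.168.50.7", "inside"),  # DMZ source arriving on the inside interface
]

if __name__ == "__main__":
    for src, iface, verdict in check_packets(SAMPLE_PACKETS):
        print(f"{src:15} via {iface:8} -> {verdict}")
```

On the appliance itself the check is enabled per interface with `ip verify reverse-path interface <interface_name>`. The default route is what lets ordinary Internet sources pass on the outside interface, while the more specific inside route causes the spoofed internal source to fail there.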

Related Courses:
ASAE – ASA Essentials
FIREWALL – Deploying Cisco ASA Firewall Solutions
VPN – Deploying Cisco ASA VPN Solutions
CCNP Security – Cisco Certified Network Professional Security
