Depending on your topology, Cisco Unicast Reverse Path Forwarding may be a good fit. Its usefulness is highly dependent on an ISP's topology in regard to equal cost paths and transit traffic.

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_unicast_rpf.html#wp1001292

Chris
http://travelingtech.net

On Wed, Jun 2, 2010 at 1:22 PM, Saxon Jones <saxon.jo...@gmail.com> wrote:
> I've not tried this, but at a conceptual level I think stateful
> firewall rules would achieve what you're trying to do. I'm unconvinced
> you'll enjoy the result, since you're going to have to rely on your
> session tables and if that isn't perfect then you're going to have
> unexpected behaviour (and also it won't be perfect for session-less
> traffic like most UDP). I think that's a risk in what you're trying to
> achieve, and not specific to how you achieve it; whether it's worth it
> or not is up to you. I'd be rather unimpressed if I found out my ISP
> was doing this to my traffic (not because I want asymmetric routing at
> home but because of the risks it entails).
>
> -saxon
>
> On 2 June 2010 12:04, jack daniels <jckdaniel...@gmail.com> wrote:
> > Hi Guys,
> > I'm facing an issue and stuck on a thought process, would appreciate if
> > some way you guys can show with your experience in industry -
> >
> > ISSUE ----
> >
> > user X spoofs IP ADDRESS OF ISP-A and sends traffic out to internet...
> > now when traffic is coming back via ISP-A... I want to block such
> > traffic which is not originating from my ISP...
> > but catch here is ---- filtering is to be done in ISP ...so putting acl
> > for each user and port is not scalable.....
> > Please help with any way out ...
> > Thanks and Regards
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
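
The topology dependence of Unicast RPF raised at the top of this thread, as an added example that is not part of the original messages: a simplified Python model of the strict and loose source checks run over a constructed FIB. The prefixes, interface names, function names and the `allow_default` switch are assumptions made for illustration.

```python
import ipaddress

# Constructed FIB for a hypothetical ISP edge router (all names are assumptions):
# prefix -> interfaces of the best path(s); two interfaces = equal-cost paths.
FIB = {
    "198.51.100.0/24": {"cust1"},       # customer block
    "203.0.113.0/24": {"up1", "up2"},   # equal-cost paths over both uplinks
    "192.0.2.0/24": {"up1"},            # best return path is up1 only
    "0.0.0.0/0": {"up1"},               # default route
}

def lookup(src):
    """Longest-prefix match on the source address: (network, interfaces) or None."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(p), ifs) for p, ifs in FIB.items()]
    hits = [(n, ifs) for n, ifs in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_permits(src, in_if, mode="strict", allow_default=False):
    """Simplified uRPF decision for a packet from `src` received on `in_if`."""
    hit = lookup(src)
    if hit is None:
        return False                    # no route back to the source
    net, ifs = hit
    if net.prefixlen == 0 and not allow_default:
        return False                    # default route alone does not validate
    if mode == "loose":
        return True                     # any route to the source is enough
    return in_if in ifs                 # strict: must arrive on a best return path

# Constructed packets: (source, ingress interface, description)
PACKETS = [
    ("198.51.100.7", "cust1", "customer using its own address"),
    ("203.0.113.9", "cust1", "customer spoofing a remote address"),
    ("203.0.113.9", "up2", "remote host arriving on an equal-cost uplink"),
    ("192.0.2.5", "up2", "asymmetric transit: best return path is up1"),
    ("10.1.1.1", "up1", "source covered only by the default route"),
]

def evaluate():
    """Return (description, strict verdict, loose verdict) per packet."""
    return [(d, urpf_permits(s, i, "strict"), urpf_permits(s, i, "loose"))
            for s, i, d in PACKETS]

if __name__ == "__main__":
    for desc, strict, loose in evaluate():
        print(f"{desc:46} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

In this model strict mode drops the spoofed customer packet but also the legitimate asymmetric transit packet, while loose mode passes both, which is why the fit depends on where return paths actually run.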