IP spoofing is used especially when a response packet is not necessary. The attack is most effective when there is a trust relationship between the systems in a network. Unfortunately, it is still common today for internal systems to trust each other, so that a user can log in without a user name and password when accessing the network from another internal system. With only one configuration line, it is possible to activate protection against possible IP spoofing on the ASA.

conf t
ip verify reverse-path interface WAN
write memory