Some attacks effectively spoof an internal IP address to infiltrate the network. Spoofing means that you pretend to be someone you're not. You can reduce the number of successful network attacks by applying a simple spoofing access-control list.

Packets entering the network from the outside bearing a spoofed internal IP address can be denied by using the command access-list 101 deny IP source_ip mask destination_ip mask.