From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Nov 15 2004 - 11:36:19 GMT-3
John,
Yes there was a previous typo in this solution that was fixed.
The correct ACLs read as follows:
R3#
ip access-list extended SMTP_FROM_SERVER
permit tcp host 132.1.3.100 eq smtp any
R5#
ip access-list extended SMTP_TO_SERVER
permit tcp any host 132.1.3.100 eq smtp
See this post for reference:
http://forum.internetworkexpert.com/ubbthreads/showflat.php?Cat=&Board=IEWB_RS_LAB2&Number=4830&Forum=All_Forums&Words=smtp&Searchpage=0&Limit=25&Main=1570&Search=true&where=bodysub&Name=&daterange=1&newerval=1&newertype=y&olderval=&oldertype=&bodyprev=#Post4830
And no this isn't a CCNP level question ;)
Thanks,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John Matus
> Sent: Monday, November 15, 2004 12:29 AM
> To: marc van hoof; ccie2be
> Cc: lab
> Subject: Re: smtp flow
>
> yes, that was my initial thinking, however internetwork experts had it
> ass-backwards in their solution guide and i just wanted to make sure i was
> correct <and they had a typo>
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "marc van hoof" <mvh@marcvanhoof.com>
> To: "ccie2be" <ccie2be@nyc.rr.com>
> Cc: "John Matus" <jmatus@pacbell.net>; "lab" <ccielab@groupstudy.com>
> Sent: Sunday, November 14, 2004 8:50 PM
> Subject: Re: smtp flow
>
>
> > oh, and to answer the question, i would probably go with:
> >
> > deny tcp any eq smtp any
> >
> > given that you have to look at the terms "server" and "client" from the
> > perspective of the transaction, rather than the functions of the
> > hardware...
> >
> > in a traditional transaction, a client will be the originator of a
> > session, and the server will be the recipient...
> >
> > so PC 1 creates a tcp connection from some random source port to another
> > computer on port 25... in this transaction, i'd interpret that as the
> > "server"
> >
> > to block the return traffic, you need to stop it flowing from the "server"
> > on port 25 to the client's variable port, hence it must be unspecified in
> > the acl.
> >
> > the definition of "server" and "client" are something you could probably
> > ask the proctor though - just to clarify your understanding of the
> > question. "proctor - should we assume that the client is the originator of
> > the connection - i'm a bit confused because smtp is often used between
> > mail servers"...
> >
> > -marc (#13832)
> >
> > On Sun, 14 Nov 2004, ccie2be wrote:
> >
> >> John,
> >>
> >> I don't know the answer for sure. But, in the lab, if something like
> >> that comes and the wording of the task didn't forbid it, what I would do
> >> is use both. You don't lose points for extra config commands which aren't
> >> needed as long as the extra commands don't break or violate anything else.
> >>
> >> If one of those entries is the right entry but you don't know which one
> >> and just guess, you've got a 50% chance of being right. If you put in both
> >> entries and the wrong entry does no harm, you've increased your odds to
> >> 100%.
> >>
> >> FYI, smtp is usually not used between a server and a client. Usually,
> >> it's something like pop, (or imap?).
> >>
> >> HTH, Tim
> >> ----- Original Message -----
> >> From: "John Matus" <jmatus@pacbell.net>
> >> To: "lab" <ccielab@groupstudy.com>
> >> Sent: Sunday, November 14, 2004 10:09 PM
> >> Subject: smtp flow
> >>
> >>
> >>> if you are writing an acl that is denying a smtp flow from a server to a
> >>> client would it be:
> >>>
> >>> deny tcp any eq smtp any?..........(or deny tcp any any eq smtp)?
> >>>
> >>>
> >>> Regards,
> >>>
> >>> John D. Matus
> >>> MCSE, CCNP
> >>> Office: 818-782-2061
> >>> Cell: 818-430-8372
> >>> jmatus@pacbell.net
> >>>
> >>>
>
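
Added example (not part of the original thread or of the Internetwork Expert solution guide): a small Python model of the ACE subset used above, showing which direction of an SMTP session each entry matches. The client address 192.0.2.10, the ephemeral port 49152 and the helper names are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed model of the ACE subset used in this thread:
#   <permit|deny> tcp <any | host ADDR> [eq PORT] <any | host ADDR> [eq PORT]
Packet = namedtuple("Packet", "src sport dst dport")
PORTS = {"smtp": 25}  # IOS keyword for TCP port 25

def _endpoint(tok):
    """Consume one address spec plus optional 'eq PORT'; None means wildcard."""
    if not tok:
        raise ValueError("missing address spec")
    if tok[0] == "any":
        addr, tok = None, tok[1:]
    elif tok[0] == "host" and len(tok) > 1:
        addr, tok = tok[1], tok[2:]
    else:
        raise ValueError("unsupported address spec: " + tok[0])
    port = None
    if tok[:1] == ["eq"] and len(tok) > 1:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
        tok = tok[2:]
    return (addr, port), tok

def parse_ace(line):
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "tcp":
        raise ValueError("unsupported ACE: " + line)
    src, rest = _endpoint(tok[2:])
    dst, rest = _endpoint(rest)
    if rest:
        raise ValueError("trailing tokens in ACE: " + line)
    return tok[0], src, dst

def first_match(acl, pkt):
    """Return the first ACE line that matches pkt, or None if none does."""
    for line in acl:
        _, (saddr, sport), (daddr, dport) = parse_ace(line)
        if (saddr in (None, pkt.src) and sport in (None, pkt.sport)
                and daddr in (None, pkt.dst) and dport in (None, pkt.dport)):
            return line
    return None

# Constructed SMTP session: client 192.0.2.10 (documentation address) on an
# ephemeral port, talking to the server 132.1.3.100 from the corrected ACLs.
TO_SERVER = Packet("192.0.2.10", 49152, "132.1.3.100", 25)
FROM_SERVER = Packet("132.1.3.100", 25, "192.0.2.10", 49152)

SMTP_FROM_SERVER = ["permit tcp host 132.1.3.100 eq smtp any"]
SMTP_TO_SERVER = ["permit tcp any host 132.1.3.100 eq smtp"]
```

Calling first_match() with each ACL and each packet shows that an "eq smtp" placed after the source matches only the server's replies, while one placed after the destination matches only traffic sent to the server.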
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:45 GMT-3