From: Filyurin, Yan (yan.filyurin@eds.com)
Date: Fri Jun 22 2007 - 22:13:58 ART
I would vote for #3 and run to the proctor. # 3 sounds reasonable
because it applies to all TCP traffic, which the question states and it
also gives an explicit IP of that server. On the other hand, I have
seen answers to the question that say # 4, so I would ask something
like: if anyone attempted to ftp or telnet to that server, would you
want that intercepted as well? The next thing would be to figure out
the requirement on the tcp intercept mode.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Eric Poulin
Sent: Friday, June 22, 2007 8:53 PM
To: Antonio Soares; 'ccie forum'
Subject: Re: TCP Intercept Question
Option 3 and 4 will do the job.
--- Antonio Soares <amsoares@netcabo.pt> wrote:
> Hello group,
>
>
> Question about TCP Intercept:
>
> Q: Consider having a web server with an IP address of 160.10.33.1 on
> VLAN_X and configure R1 to intercept all TCP traffic to this server.
>
> Which ACL would you configure?
>
> 1) access-list 101 permit tcp any any
>
> 2) access-list 102 permit tcp any any eq www
>
> 3) access-list 103 permit tcp any host 160.10.33.1
>
> 4) access-list 104 permit tcp any host 160.10.33.1 eq www
>
>
> Thanks,
> Antonio
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART