From: Antonio Soares (amsoares@netcabo.pt)
Date: Sat Jun 23 2007 - 13:51:22 ART
I would choose #4. But it would be better to check with the proctor. This is
the type of question that scares me. Something you know how it works but a
wrong interpretation gives you 0 points...
Thank you,
Antonio
-----Original Message-----
From: Filyurin, Yan [mailto:yan.filyurin@eds.com]
Sent: sabado, 23 de Junho de 2007 2:14
To: Eric Poulin; Antonio Soares; ccie forum
Subject: RE: TCP Intercept Question
I would vote for #3 and run to the proctor. # 3 sounds reasonable because
it applies to all TCP traffic, which the question states and it also gives
an explicit IP of that server. On the other hand, I have seen answers to
the question that say # 4, so I would ask something
like: if anyone attempted to ftp or telnet to that server, would you want
that intercepted as well? The next thing would be to figure out the
requirement on the tcp intercept mode.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Eric
Poulin
Sent: Friday, June 22, 2007 8:53 PM
To: Antonio Soares; 'ccie forum'
Subject: Re: TCP Intercept Question
Option 3 and 4 will do the job.
--- Antonio Soares <amsoares@netcabo.pt> wrote:
> Hello group,
>
>
> Question about TCP Intercept:
>
> Q: Consider having a web server with an IP address of 160.10.33.1 on
> VLAN_X and configure R1 to intercept all TCP traffic to this server.
>
> Which ACL would you configure?
>
> 1) access-list 101 permit tcp any any
>
> 2) access-list 102 permit tcp any any eq www
>
> 3) access-list 103 permit tcp any host 160.10.33.1
>
> 4) access-list 104 permit tcp any host 160.10.33.1 eq www
>
>
> Thanks,
> Antonio
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART