Re: TCP Intercept Question

From: Jesse Loggins CCIE#14661 (jlogginsccie@san.rr.com)
Date: Sat Jun 23 2007 - 15:13:25 ART

• Next message: Greg Wendel: "distribute-list using map-tag in OSPF - without using a"
• Previous message: Greg Wendel: "distribute-list using map-tag in OSPF"
• Maybe in reply to: Antonio Soares: "TCP Intercept Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The answer is 3, "intercept all TCP" is the key phrase in this question.
This is also the sort of detail that lab candidates must pay attenetion too.
It is one of the keys to passing the lab.

Jesse Loggins
CCIE#14661 (R&S)

----- Original Message -----
From: "Antonio Soares" <amsoares@netcabo.pt>
To: "'Filyurin, Yan'" <yan.filyurin@eds.com>; "'Eric Poulin'"
<epoulins@yahoo.com>; "'ccie forum'" <ccielab@groupstudy.com>
Sent: Saturday, June 23, 2007 9:51 AM
Subject: RE: TCP Intercept Question

>I would choose #4. But it would be better to check with the proctor. This
>is
> the type of question that scares me. Something you know how it works but a
> wrong interpretation gives you 0 points...
>
> Thank you,
> Antonio
>
> -----Original Message-----
> From: Filyurin, Yan [mailto:yan.filyurin@eds.com]
> Sent: sabado, 23 de Junho de 2007 2:14
> To: Eric Poulin; Antonio Soares; ccie forum
> Subject: RE: TCP Intercept Question
>
> I would vote for #3 and run to the proctor. # 3 sounds reasonable because
> it applies to all TCP traffic, which the question states and it also gives
> an explicit IP of that server. On the other hand, I have seen answers to
> the question that say # 4, so I would ask something
> like: if anyone attempted to ftp or telnet to that server, would you want
> that intercepted as well? The next thing would be to figure out the
> requirement on the tcp intercept mode.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Eric
> Poulin
> Sent: Friday, June 22, 2007 8:53 PM
> To: Antonio Soares; 'ccie forum'
> Subject: Re: TCP Intercept Question
>
> Option 3 and 4 will do the job.
>
> --- Antonio Soares <amsoares@netcabo.pt> wrote:
>
>> Hello group,
>>
>>
>> Question about TCP Intercept:
>>
>> Q: Consider having a web server with an IP address of 160.10.33.1 on
>> VLAN_X and configure R1 to intercept all TCP traffic to this server.
>>
>> Which ACL would you configure?
>>
>> 1) access-list 101 permit tcp any any
>>
>> 2) access-list 102 permit tcp any any eq www
>>
>> 3) access-list 103 permit tcp any host 160.10.33.1
>>
>> 4) access-list 104 permit tcp any host 160.10.33.1 eq www
>>
>>
>> Thanks,
>> Antonio
>>
>> ______________________________________________________________________
>> _ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
>
>
>
> ________________________________________________________________________
> ____________
> Bored stiff? Loosen up...
> Download and play hundreds of games for free on Yahoo! Games.
> http://games.yahoo.com/games/front
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Greg Wendel: "distribute-list using map-tag in OSPF - without using a"
• Previous message: Greg Wendel: "distribute-list using map-tag in OSPF"
• Maybe in reply to: Antonio Soares: "TCP Intercept Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART