Re: Reflexive output ACL

From: Tarun Pahuja (pahujat@gmail.com)
Date: Thu Nov 08 2007 - 16:28:44 ART


Think of it this way: when working in the real world, you are told what to
allow and what to deny using a firewall. The customer/client does not always
necessarily know what all would be affected by the firewall. As a CCIE, your
task is to accomplish the task without disrupting normal traffic required
for connectivity as well as other applications that were running before you
installed a firewall or made changes to one.

That is the Fun Part!

HTH,
Tarun

On 11/8/07, hadek.el-ayachi@nsn.com <hadek.el-ayachi@nsn.com> wrote:
>
> Hi GS,
> If I am asked to permit only icmp/udp/tcp traffic inbound if it is
> initiated from inside, the answer is:
> ip access-list extended FW_OUT
> permit icmp any any reflect FW
> permit tcp any any reflect FW
> permit udp any any reflect FW
>
> But what about other protocols and future protocols such as igmp,
> gre...? Should I add permit ip any any? Does it deserve asking the proctor?
> Thanks for comments
>
>
> E. HADEK
> Nokia Siemens Networks
> IP Core planner
> 5 rue Abou Inane- Hassan
> Rabat - Maroc
> Tel : +212 37 26 15 30
> GSM : + 212 61 44 93 98
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
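For reference, a complete reflexive ACL built around the three lines in the question, as an added example that is not from either poster: the outbound list with `reflect FW` as posted, plus the inbound list that must `evaluate FW`, which the question leaves out. The ACL name FW_IN, the interface GigabitEthernet0/0 and the timeout value are assumptions.

```cisco
! Outbound list on the outside interface: sessions initiated from inside
! create temporary entries in the reflexive list "FW" for the return path.
ip access-list extended FW_OUT
 permit icmp any any reflect FW
 permit tcp any any reflect FW
 permit udp any any reflect FW
!
! Inbound list on the same interface (FW_IN is an assumed name).
! "evaluate FW" admits only return traffic that matches an entry an
! inside host created; the implicit deny drops everything else.
! Adding "permit ip any any" here would admit all unsolicited inbound
! traffic and defeat the reflection entirely. Traffic that reflection
! does not create entries for but that must still work (for example a
! routing-protocol adjacency with the outside neighbour) needs its own
! explicit permit line placed before "evaluate FW".
ip access-list extended FW_IN
 evaluate FW
!
! Optional: idle timeout for the temporary entries (IOS default is 300 s).
ip reflexive-list timeout 120
!
! Assumed outside-facing interface.
interface GigabitEthernet0/0
 ip access-group FW_OUT out
 ip access-group FW_IN in
```

Note that FW_OUT also ends in an implicit deny, so outbound protocols other than icmp/tcp/udp are dropped in the outbound direction too unless they get an explicit permit there.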



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART