CCIE Security Practice Labs

From: Mike Stout (michaelgstout@gmail.com)
Date: Thu Dec 06 2007 - 18:48:45 ART

• Next message: Scott Vermillion: "RE: [SPAM]Re: I know this CCIE who wouldn't know a packet if it"
• Previous message: Jian Gu: "Re: [SPAM]Re: I know this CCIE who wouldn't know a packet if it"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello:
I am looking at chapter 4 section 6.1 IOS FW
Q: Configure R5 and R6 as firewalls shch that all tcp traffic from man to
internet (FR) is allowed only if originating from LAN and not vic versa.
Allow routing protocols where necessary and udp traffic from domain name
resolution. For testing purposes, allow pings from anywhere.
Do not use CBAC to achieve this task.

The solution uses an access with the established param.
Is there any reason why a reflexive access-list would be wrong?

Thank You.

• Next message: Scott Vermillion: "RE: [SPAM]Re: I know this CCIE who wouldn't know a packet if it"
• Previous message: Jian Gu: "Re: [SPAM]Re: I know this CCIE who wouldn't know a packet if it"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST