From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Sat Jun 28 2008 - 07:29:27 ART
Hi Raul,
As a future Security Expert you have to configure it as per the best
practice if the question was not detailed enough.
So you have to specifically allow only needed IP addresses as per the
scenario.
I know that there are a lot of ways that might work and achieve the same
result, but usually there are very few solutions that show that you are
really an Expert.
My objective here is to be a "real expert", not to pass the exam.
I recommend you start thinking this way and you will see a lot of
difference.
BEST REGARDS,
RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
INSPIRED MASTER
INSPIRING CREATIVE THINKING ....
WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ciscosec sec
Sent: Saturday, June 28, 2008 1:44 AM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: doubt with access-list in Firewalls
Hello Group,
I just had a doubt. In the labs, is it OK to configure the access-list
on Firewalls with any any?
For example, if I were to configure IPSEC between 2 devices with the
Firewall in between,
can I configure the ASA as follows:
access-list outside permit esp any any
access-list outside permit udp any any eq isakmp
Or do we need to specify the exact hosts in the access list?
Regards,
raul
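
Added example, not part of either message in this thread: a small Python check that reads ASA access-list lines like the ones in the question and flags permit entries where both source and destination are "any", next to a host-specific version of the same two entries. The peer addresses 192.0.2.1 and 198.51.100.1 are placeholder assumptions, and the parser covers only the entry forms named in its first comment.

```python
# Added example: flag ASA ACL permit entries with source and destination "any".
# Handles only: access-list NAME [extended] permit|deny PROTO SRC DST [eq PORT],
# where SRC/DST is "any", "host A.B.C.D" or "A.B.C.D MASK".

def _take_addr(tokens, i):
    """Consume one address spec at tokens[i]; return (spec, next_index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return "host " + tokens[i + 1], i + 2
    return tokens[i] + " " + tokens[i + 1], i + 2  # network + mask


def parse_ace(line):
    """Parse one access-list line into a dict, or None if it is not one."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        return None
    i = 3 if t[2] == "extended" else 2
    action, proto = t[i], t[i + 1]
    if action not in ("permit", "deny"):
        return None
    try:
        src, i = _take_addr(t, i + 2)
        dst, i = _take_addr(t, i)
    except IndexError:  # truncated entry
        return None
    port = t[i + 1] if len(t) > i + 1 and t[i] == "eq" else None
    return {"name": t[1], "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port, "line": line.strip()}


def overly_broad(config):
    """Return permit entries where both source and destination are 'any'."""
    aces = filter(None, (parse_ace(l) for l in config.splitlines()))
    return [a for a in aces
            if a["action"] == "permit" and a["src"] == a["dst"] == "any"]


# Constructed input. LOOSE is the form asked about; TIGHT names the two peers.
LOOSE = """\
access-list outside permit esp any any
access-list outside permit udp any any eq isakmp
"""
TIGHT = """\
access-list outside permit esp host 192.0.2.1 host 198.51.100.1
access-list outside permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
"""

if __name__ == "__main__":
    for ace in overly_broad(LOOSE):
        print("too broad:", ace["line"])
```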
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART