Exactly.
I do not think you would loose any marks for configuring something that does
not break any other requirement in the lab. So leaving icmp inspect
configured would not cause any harm.
Unless any other part of the exam prohibits you (explicitly, as well as
implicitly) from doing so!
Happy studying!
Sadiq
On Wed, Feb 16, 2011 at 3:55 PM, TED <ccie.security.nigeria_at_gmail.com>wrote:
> I think it is better to be safe with things like this.
> There is no need leaving a configurations that will not be graded if you
> ask
> me.
> What if the proctor assumes that it was part of a solution and grades
> accordingly.
>
> On Tue, Feb 15, 2011 at 6:29 PM, Pemasiri Devanarayana
> <pemasiri_at_gmail.com>wrote:
>
> > yes.. you are correct my concern was only for lab exam point of view.
> >
> > thanks for all your feedback..
> >
> > On Tue, Feb 15, 2011 at 7:49 AM, Radioactive Frog <pbhatkoti_at_gmail.com
> > >wrote:
> >
> > >
> > > >>>>the traffic can severely affect the performance of the ASA.<<<
> > >
> > > Hi think Pemasiri is talking about lab environment - not a production.
> > > I don't see any reason why that would be a problem Pemasiri in the lab
> as
> > > that is the best way to evaluate lab for cisco.
> > >
> > >
> > >
> > >
> > >
> > > On Tue, Feb 15, 2011 at 3:08 PM, waseemullah memon <
> > waseela.mem_at_gmail.com>wrote:
> > >
> > >> Hi Pemasiri,
> > >>
> > >> By having inspect icmp configured in your ASA, you are instructing it
> to
> > >> fast switch all the ICMP packets besides creating the statefull object
> > to
> > >> allow the return trafffic.
> > >>
> > >> Now, it depends upon the volume of ICMP traffic passing through your
> > >> firewall and the hardware resource capability of the ASA to handle
> that
> > >> traffic, because for every icmp request through the ASA will create a
> > new
> > >> entry in your connection table.
> > >>
> > >> If the ICMP sessions exceed the number of connections an ASA can
> handle
> > >> then
> > >> the traffic can severely affect the performance of the ASA.
> > >>
> > >> HTH!
> > >>
> > >>
> > >> On Tue, Feb 15, 2011 at 12:00 AM, Pemasiri Devanarayana
> > >> <pemasiri_at_gmail.com>wrote:
> > >>
> > >> > Hi,
> > >> >
> > >> > I just want some one to confirm that, if we use inspect icmp on ASA
> > just
> > >> > for
> > >> > troubleshooting purpose and by mistake if we leave them with the
> > running
> > >> > configuration, will it considered as unnecessary configuration and
> > will
> > >> I
> > >> > loose marks on ASA part.?
> > >> >
> > >> > thanks
> > >> > Pemasiri
> > >> >
> > >> >
> > >> > Blogs and organic groups at http://www.ccie.net
> > >> >
> > >> >
> > _______________________________________________________________________
> > >> > Subscription information may be found at:
> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >> --
> > >> Thanks and Regards,
> > >> Waseemullah Memon
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIEx2 (R&S|Sec) #19963 Blogs and organic groups at http://www.ccie.netReceived on Wed Feb 16 2011 - 17:31:58 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART