thanks a lot for all your inputs..
On Wed, Feb 16, 2011 at 8:31 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
> Exactly.
>
> I do not think you would loose any marks for configuring something that
> does not break any other requirement in the lab. So leaving icmp inspect
> configured would not cause any harm.
>
> Unless any other part of the exam prohibits you (explicitly, as well as
> implicitly) from doing so!
>
> Happy studying!
>
> Sadiq
>
>
> On Wed, Feb 16, 2011 at 3:55 PM, TED <ccie.security.nigeria_at_gmail.com>wrote:
>
>> I think it is better to be safe with things like this.
>> There is no need leaving a configurations that will not be graded if you
>> ask
>> me.
>> What if the proctor assumes that it was part of a solution and grades
>> accordingly.
>>
>> On Tue, Feb 15, 2011 at 6:29 PM, Pemasiri Devanarayana
>> <pemasiri_at_gmail.com>wrote:
>>
>> > yes.. you are correct my concern was only for lab exam point of view.
>> >
>> > thanks for all your feedback..
>> >
>> > On Tue, Feb 15, 2011 at 7:49 AM, Radioactive Frog <pbhatkoti_at_gmail.com
>> > >wrote:
>> >
>> > >
>> > > >>>>the traffic can severely affect the performance of the ASA.<<<
>> > >
>> > > Hi think Pemasiri is talking about lab environment - not a production.
>> > > I don't see any reason why that would be a problem Pemasiri in the lab
>> as
>> > > that is the best way to evaluate lab for cisco.
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > On Tue, Feb 15, 2011 at 3:08 PM, waseemullah memon <
>> > waseela.mem_at_gmail.com>wrote:
>> > >
>> > >> Hi Pemasiri,
>> > >>
>> > >> By having inspect icmp configured in your ASA, you are instructing it
>> to
>> > >> fast switch all the ICMP packets besides creating the statefull
>> object
>> > to
>> > >> allow the return trafffic.
>> > >>
>> > >> Now, it depends upon the volume of ICMP traffic passing through your
>> > >> firewall and the hardware resource capability of the ASA to handle
>> that
>> > >> traffic, because for every icmp request through the ASA will create a
>> > new
>> > >> entry in your connection table.
>> > >>
>> > >> If the ICMP sessions exceed the number of connections an ASA can
>> handle
>> > >> then
>> > >> the traffic can severely affect the performance of the ASA.
>> > >>
>> > >> HTH!
>> > >>
>> > >>
>> > >> On Tue, Feb 15, 2011 at 12:00 AM, Pemasiri Devanarayana
>> > >> <pemasiri_at_gmail.com>wrote:
>> > >>
>> > >> > Hi,
>> > >> >
>> > >> > I just want some one to confirm that, if we use inspect icmp on ASA
>> > just
>> > >> > for
>> > >> > troubleshooting purpose and by mistake if we leave them with the
>> > running
>> > >> > configuration, will it considered as unnecessary configuration and
>> > will
>> > >> I
>> > >> > loose marks on ASA part.?
>> > >> >
>> > >> > thanks
>> > >> > Pemasiri
>> > >> >
>> > >> >
>> > >> > Blogs and organic groups at http://www.ccie.net
>> > >> >
>> > >> >
>> > _______________________________________________________________________
>> > >> > Subscription information may be found at:
>> > >> > http://www.groupstudy.com/list/CCIELab.html
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >> --
>> > >> Thanks and Regards,
>> > >> Waseemullah Memon
>> > >>
>> > >>
>> > >> Blogs and organic groups at http://www.ccie.net
>> > >>
>> > >>
>> _______________________________________________________________________
>> > >> Subscription information may be found at:
>> > >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net
Received on Thu Feb 17 2011 - 01:05:58 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART