The established line probably would have met the technical requirements...
We may have to look at the wording on there, because (IMHO) that leaves
things a little too lame!  :)  But hey, it's all about interesting changes.

As for the client ports, you likely could have specified gt 1023 there if
you wanted to, but the any would have worked as well.

Scott 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kim Blom
Sent: Thursday, June 07, 2007 9:35 AM
To: [email protected]
Subject: [OSL | CCIE_RS] Lab9 IPExpert v9.0

Hi,

Just joined and currently working on lab 9 of the IPExpert Workbook. When I
look at the latest downloaded final configuration for question 2 (R4's
lambeau ACL), it specifically lists a line matching return traffic for web
servers followed by a line matching return traffic from FTP servers:

 permit tcp 10.1.1.0 0.0.0.255 eq www any
 remark that line covers the replies from web servers on the inside
 permit tcp 10.1.1.0 0.0.0.255 any established
 remark that line is necessary for the FTP server responses since ports vary

Would the answer not also be possible to be the following:

1. Just the established line

or

2. add gt 1024 to the FTP entry (not a stated requirement, though, I think)

Further, the answers seem to take server ports into account, but not client
ports, when specific entries are asked and to allow remaining traffic, if
only certain flows are explicitly stated to be blocked.
Is this normal lab practice, so to speak, or is it typically something to
ask the proctor?

Kind regards,

Kim Blom
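
Added example, not part of the original thread or the IPExpert workbook: a small Python model comparing the two-line ACL quoted above with the "just the established line" alternative. It assumes the IOS behaviour that `established` matches TCP segments with ACK or RST set; the host addresses, ports and packets are constructed.

```python
import ipaddress

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

def ip(s):
    return int(ipaddress.IPv4Address(s))

def entry_matches(entry, pkt):
    """Match 'permit tcp <src> <wildcard> [eq port] any [established]'."""
    wild = ip(entry["wildcard"])
    # Wildcard bits set to 1 are "don't care" bits in the source address.
    if (ip(pkt["src"]) | wild) != (ip(entry["src"]) | wild):
        return False
    if "sport_eq" in entry and pkt["sport"] != entry["sport_eq"]:
        return False
    # Assumption: 'established' matches segments with ACK or RST set.
    if entry.get("established") and not pkt["flags"] & (ACK | RST):
        return False
    return True

def evaluate(acl, pkt):
    """Every entry is a permit; no match falls to the implicit deny."""
    return "permit" if any(entry_matches(e, pkt) for e in acl) else "deny"

WWW = {"src": "10.1.1.0", "wildcard": "0.0.0.255", "sport_eq": 80}
EST = {"src": "10.1.1.0", "wildcard": "0.0.0.255", "established": True}
WORKBOOK = [WWW, EST]       # the two lines from the final configuration
ESTABLISHED_ONLY = [EST]    # alternative 1 from the question

# Constructed sample packets, all leaving the inside network.
PACKETS = {
    "web_synack":       {"src": "10.1.1.10", "sport": 80, "flags": SYN | ACK},
    "ftp_pasv_data":    {"src": "10.1.1.20", "sport": 50001, "flags": ACK},
    "syn_from_port_80": {"src": "10.1.1.10", "sport": 80, "flags": SYN},
    "other_subnet":     {"src": "192.168.1.1", "sport": 80, "flags": ACK},
}

def compare():
    """Return {packet name: (workbook verdict, established-only verdict)}."""
    return {name: (evaluate(WORKBOOK, p), evaluate(ESTABLISHED_ONLY, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (workbook, est_only) in compare().items():
        print(f"{name:18} workbook={workbook:7} established-only={est_only}")
```

The two ACLs differ only on the SYN-only segment sourced from port 80: the www line has no flag check, so it permits that packet, while the established line alone does not.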
