Simon,

The reason for using different policy maps as was done by myself is to define more granular traffic flows later. Typically you should not be allowing the same flows of traffic from zone to zone. You should have different rules based on the source and destination.
Regards,

Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: [email protected]

Join our free online support and peer group communities: http://www.IPexpert.com/communities

IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab Certifications.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann
Sent: Wednesday, June 24, 2009 11:32 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Question about policy-map.

Hi,

the PG uses an extra policy-map in Lab2A task 2.16 for every zone-pair with the same policy, referencing the same two class maps (for TCP/UDP and ICMP). I only used one policy-map, but do I have a disadvantage (besides missing flexibility) when I use only one policy-map?

TIA.

Cheers
Simon
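
The trade-off discussed in this thread, as an added IOS zone-based firewall sketch that is not part of either message and is not the lab's solution. All zone, class-map, policy-map and zone-pair names are hypothetical, and the tightened ICMP rule is an assumed example of a later per-pair change.

```cisco
! Constructed example; every name below is hypothetical.
class-map type inspect match-any CM_TCP_UDP
 match protocol tcp
 match protocol udp
class-map type inspect match-any CM_ICMP
 match protocol icmp
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
!
! Option A: one policy-map shared by every zone-pair.
! Any later edit to PM_SHARED changes all pairs that reference it.
policy-map type inspect PM_SHARED
 class type inspect CM_TCP_UDP
  inspect
 class type inspect CM_ICMP
  inspect
 class class-default
  drop
!
! Option B: one policy-map per zone-pair, reusing the same class-maps.
! They can start out identical and diverge later without side effects.
policy-map type inspect PM_IN_TO_OUT
 class type inspect CM_TCP_UDP
  inspect
 class type inspect CM_ICMP
  inspect
 class class-default
  drop
!
! Later tightening that applies only to OUTSIDE -> DMZ (assumed change).
policy-map type inspect PM_OUT_TO_DMZ
 class type inspect CM_TCP_UDP
  inspect
 class type inspect CM_ICMP
  drop log
 class class-default
  drop
!
zone-pair security ZP_IN_TO_OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM_IN_TO_OUT
zone-pair security ZP_OUT_TO_DMZ source OUTSIDE destination DMZ
 service-policy type inspect PM_OUT_TO_DMZ
```

With Option A attached to both zone-pairs, the ICMP change above could not be made for one direction without first creating a second policy-map and re-binding the zone-pair.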
