Thanks, Tyson. I thought that too. But because of snugness I only used one :) So it would be valid but I could shoot myself in the foot if I'd need more granular rules later on?

Cheers
Simon

On 24.06.2009 at 17:35, Tyson Scott wrote:

Simon,

The reason for using different policy maps, as was done by myself, is to define more granular traffic flows later. Typically you should not be allowing the same flows of traffic from zone to zone. You should have different rules based on the source and destination.

Regards,

Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Simon Baumann
Sent: Wednesday, June 24, 2009 11:32 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Question about policy-map.

Hi,
the PG uses an extra policy-map in Lab2A task 2.16 for every zone-pair with the same policy, referencing the same two class maps (for TCP/UDP and ICMP).
I only used one policy-map, but do I have a disadvantage (besides missing flexibility) when I use only one policy-map? TIA.

Cheers
Simon
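
The trade-off discussed in this thread, shown as an added IOS zone-based firewall example that is not part of the original messages or the PG solution. Zone, zone-pair, class-map and policy-map names are hypothetical, and interface zone-member assignments are omitted; variants A and B are alternatives, not one configuration.

```cisco
! Constructed example: all names below are hypothetical.
! Two class-maps shared by both variants (TCP/UDP and ICMP, as in the thread).
class-map type inspect match-any CM-TCP-UDP
 match protocol tcp
 match protocol udp
class-map type inspect match-any CM-ICMP
 match protocol icmp
!
zone security INSIDE
zone security OUTSIDE
zone security DMZ
!
! --- Variant A: one policy-map referenced by every zone-pair ---
! Valid, but any later edit to PM-SHARED changes every pair that uses it.
policy-map type inspect PM-SHARED
 class type inspect CM-TCP-UDP
  inspect
 class type inspect CM-ICMP
  inspect
 class class-default
  drop
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-SHARED
zone-pair security ZP-IN-DMZ source INSIDE destination DMZ
 service-policy type inspect PM-SHARED
!
! --- Variant B: one policy-map per zone-pair, same class-maps reused ---
! INSIDE->DMZ can stop inspecting ICMP without touching INSIDE->OUTSIDE.
policy-map type inspect PM-IN-OUT
 class type inspect CM-TCP-UDP
  inspect
 class type inspect CM-ICMP
  inspect
 class class-default
  drop
policy-map type inspect PM-IN-DMZ
 class type inspect CM-TCP-UDP
  inspect
 class class-default
  drop
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
zone-pair security ZP-IN-DMZ source INSIDE destination DMZ
 service-policy type inspect PM-IN-DMZ
```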


