Correct. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -----Original Message----- From: Simon Baumann [mailto:[email protected]] Sent: Wednesday, June 24, 2009 11:42 AM To: Tyson Scott Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Question about policy-map. Thanks, Tyson. I thought that too. But because of snugness I only used one :) So it would be valid but I could shoot myself in the foot if I'd need more granular rules later on? Cheers Simon Am 24.06.2009 um 17:35 schrieb Tyson Scott: > Simon, > > The reason or using different policy maps as was done by myself is > to define > more granular traffic flows later. Typically you should not be > allowing the > same flows of traffic from zone to zone. You should have different > rules > based on the source and destination. > > Regards, > > Tyson Scott - CCIE #13513 R&S and Security > Technical Instructor - IPexpert, Inc. > > Telephone: +1.810.326.1444 > Cell: +1.248.504.7309 > Fax: +1.810.454.0130 > Mailto: [email protected] > > Join our free online support and peer group communities: > http://www.IPexpert.com/communities > > IPexpert - The Global Leader in Self-Study, Classroom-Based, Video > On Demand > and Audio Certification Training Tools for the Cisco CCIE R&S Lab, > CCIE > Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE > Storage > Lab Certifications. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Simon > Baumann > Sent: Wednesday, June 24, 2009 11:32 AM > To: [email protected] > Subject: [OSL | CCIE_Security] Question about policy-map. > > Hi, > the PG uses an extra policy-map in Lab2A task 2.16 for every zone-pair > with the same policy, referencing to the same two class maps (for TCP/ > UDP and ICMP). > I only used one policy-map, but do I have a disadvantage (besides > missing flexibility) when I use only one policy-map? TIA. > > Cheers > Simon > >
