Yes on the second question.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Tuesday, January 19, 2010 10:42 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Section 1.11 MPF

Hi Tyson

The police query was for SMTP only. Why should we inspect the SMTP traffic that should be just policed?

In the case of email with domain "king.com", the user ids will be like [email protected], [email protected]. Will "regex king "king.com", match the above user ids?

With regards
Kings

On Tue, Jan 19, 2010 at 9:00 PM, Tyson Scott <[email protected]> wrote:

Kingsley,

The problem with "regex "*king.com"" is that you will match viking.com, stocking.com, ...king.com. The solution says to match on the specific domain, thus the solution is what is required.

inspect is needed with the police action if you want to hold smtp to the rules of the protocol; without it, it will just be inspected as regular TCP traffic. I am assuming it is smtp you are speaking of as I don't remember the question off the top of my head.

Regards,

Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, January 19, 2010 8:01 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Section 1.11 MPF

Hi all

The question says that SMTP should be checked for the domain. I have the following questions:

1) Which domain is to be considered, the local domain or the sender's domain? If it is the local domain, then the following solution is correct:

    policy-map type inspect esmtp mail
     parameters
      mail-relay king.com action drop-connection

2) If we need to match the domain in the sender's address, isn't the following the correct solution?

    regex king ".*king.com"
    policy-map type inspect esmtp mail
     parameters
     match sender-address regex king
      reset

Solution given in the workbook:

    regex king "king.com"
    policy-map type inspect esmtp mail
     parameters
     match sender-address regex king
      reset

With regards
Kings
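
Added example, not part of the original thread and not workbook code: a Python comparison of the two regexes discussed above, run against sender addresses. It assumes the pattern may match anywhere in the address and uses Python's `re.search` as a stand-in for the ASA regex engine; the sender addresses and the third, tighter pattern are constructed for illustration.

```python
import re

# Patterns from the thread, plus one tighter pattern added here for comparison.
PATTERNS = {
    "workbook": r"king.com",     # regex king "king.com"
    "kingsley": r".*king.com",   # regex king ".*king.com"
    "tighter": r"@king\.com",    # hypothetical: literal '@' and escaped dot
}

# Constructed sender addresses (not taken from the thread).
SENDERS = [
    "user1@king.com",
    "user2@king.com",
    "bob@viking.com",
    "eve@stocking.com",
    "amy@kingxcom.net",   # exercises the unescaped '.' (matches any character)
]


def matches(pattern: str, sender: str) -> bool:
    """Assumed semantics: the pattern may match anywhere in the string."""
    return re.search(pattern, sender) is not None


def matched_senders(name: str) -> list[str]:
    """Return the constructed senders that the named pattern would match."""
    return [s for s in SENDERS if matches(PATTERNS[name], s)]


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(f"{name:9} {pattern!r:14} -> {matched_senders(name)}")
```

Under that assumption, a leading `.*` does not change which addresses match; the `@` and the escaped dot are what narrow the match to the intended domain.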
