Terry,
I believe there may have been a bug in the 12.4(22)T code when I wrote that lab. For some reason, when I inspected ICMP both ways, it would drop the ICMP packets with policy match failures on the inbound zone pair. Since upgrading to 12.4(24)T I no longer see that same problem, so I may switch the solution in some of the earlier labs. But regardless, the most important thing is that your solution works. Don't worry so much about matching the solution exactly; it matters most that you are meeting the requirements.

I hope this helps to answer your question.

Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.

From: [email protected] On Behalf Of Terry Little (terlittl)
Sent: Sunday, March 14, 2010 8:29 PM
To: CCIE Sec
Subject: [OSL | CCIE_Security] Lab 2 sect 2.11 zbfw

I was curious as to why the solution for this section calls out special treatment for the icmp packets. Aren't these packets already covered by other lines in the configuration? It seems to work fine for me without the icmp specific class and policy configuration.

Terry Little
Cisco Systems, Inc.
Network Consulting Engineer
World Wide Security Services Practice
