you only have to do what is necessary for the task. The test requires functioning configuration. The concern is not as much with configuration "most of the time"

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Saturday, May 22, 2010 12:18 PM
To: Tyson Scott
Cc: Piotr Matusiak; [email protected]
Subject: Re: [OSL | CCIE_Security] ASA transparent firewall

Tyson, with respect to lab, do we need to configure ACLs for higher to lower traffic or not? I am not seeing any consistency with the behavior.

With regards
Kings

On Sat, May 22, 2010 at 9:39 PM, Tyson Scott <[email protected]> wrote:

It did change in 8.0. Not sure which version but an IP ACL is no longer necessary from higher to lower traffic.

Regards,
Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Saturday, May 22, 2010 12:07 PM
To: Piotr Matusiak
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] ASA transparent firewall

Indeed I have configured IP address, else the ASA won't pass the traffic, right? I think we should be on par with what Cisco says. Only ARP is allowed and others need access-list to be allowed across. BTW, I observed BPDU also moving freely across without ACL.

With regards
Kings

On Sat, May 22, 2010 at 6:10 PM, Piotr Matusiak <[email protected]> wrote:

As far as I know you need ACL in transparent mode only to allow m-cast traffic. Unicast packets should pass freely from higher to lower security level. Make sure you have IP address assigned to the box.

HTH,
Piotr

2010/5/22 Kingsley Charles <[email protected]>

The behaviour that I have mentioned is not consistent. If anyone has seen this, please do let me know.

With regards
Kings

On Sat, May 22, 2010 at 4:18 PM, Kingsley Charles <[email protected]> wrote:

Hi all

I am using 8.0(4) in ASA and the mode is transparent firewall. For IP traffic to pass from higher security to lower security, I have no access-list configured. It just behaves like routed mode ASA.

Any idea when this change happened? Earlier, we needed access-list to be configured even from higher to lower security level.

With regards
Kings

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
