Re: [OSL | CCIE_Security] ASA inbound policing?

Thu, 27 May 2010 07:27:05 -0700 

I think I do inbound policing on the Video Walk Thru.  Have you seen it yet?

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto:  <mailto:[email protected]> [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com/> www.ipexpert.com

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Jimmy
Larsson
Sent: Thursday, May 27, 2010 3:00 AM
To: OSL Security
Subject: [OSL | CCIE_Security] ASA inbound policing?

 

Hi

 

In WB2 lab 16 task 1.4 we are asked to police traffic from inside to
outside. DSG tells us to do outbound policing on interface outside after
NAT. 

 

I configured inbound policing on inside instead but I cant get it to work. I
guess that means that it´s the wrong solution. ;) But can anyone explain
why? Is´nt it possible to do inbound policing? 

 

This is what I did:

 

access-list INSIDE2V6 extended permit ip 172.16.10.0 255.255.255.0
100.13.6.0 255.255.255.0 

access-list INSIDE2V6 extended permit ip 172.16.11.0 255.255.255.0
100.13.6.0 255.255.255.0 

 

access-list INSIDE2V5 extended permit ip 172.16.10.0 255.255.255.0
200.13.5.0 255.255.255.0 

access-list INSIDE2V5 extended permit ip 172.16.11.0 255.255.255.0
200.13.5.0 255.255.255.0 

 

class-map INSIDE2V5

 match access-list INSIDE2V5

 

class-map INSIDE2V6

 match access-list INSIDE2V6

 

policy-map INSIDE

 class INSIDE2V5

  police input 64000

 class INSIDE2V6

  police input 128000

!

 

Anyone?

 

Br Jimmy

-- 
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to