You could change the security level for the outside to 99 and the inside to 1 ;) But not sure that is what you would want to do.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl) Sent: Thursday, July 01, 2010 1:15 PM To: CCIE Sec Subject: [OSL | CCIE_Security] ASA outside interface question If an acl is not an option to allow traffic in the outside interface of an ASA is there any way to open a whole for udp traffic to pass through the ASA from outside to inside?? Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
