I might be blind/stupid, or it´s just because I am on my 11th hour of online rackrental, but...
In Wb2 lab 16 task 1.5 it saids: MPF * There ar 2 FTP-servers on DMZ, 172.16.7.104 and 172.16.7.105 * They should be seen to the outside world as 200.13.24.100 and 200.13.24.105 * The FTP servers on the DMZ are using port 2121. Make sure outside networks can FTP to servers in the DMZ * Do no t allow FTP traffic outbound thru ASA to FTP server 200.13.6.100. The heading for the task is MPF and the DSG does: * 2 statics * access-list denying ftp-traffic to 6.100, and permitting traffic to 24.104/105. * class-map FTP, match access-list * policy-map global_policy, class FTP, inspect ftp strict So, why are we using MPF at all? My solution was just to: * add those 2 statics for inbound traffic * put a deny of outbound traffic to stop ftp to that outside ftp-host 200.13.6.100 What am I missing? /J -- ------- Jimmy Larsson Ryavagen 173 s-26030 Vallakra Sweden http://blogg.kvistofta.nu -------
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
