As for config guides, well, they are written by humans. Sometimes they aren't updated ;)
I would rather concentrate on navigating the Doc-CD without using the search engine. You dont want to be surprised in the lab. Also read a huge part of the Doc-CD before getting into the lab. That way, you might not need to refer to it at all :) On Mon, Jul 12, 2010 at 7:42 AM, Yogesh Gawankar <[email protected]>wrote: > Great. So we cant trust config guides and as I heard from someone sometimes > you cant access the config guides too:) > > It gets better. Any idea if we can use search function in the lab. I have > been getting mixed reports on this. > > Thanks and regards > > Yogesh Gawankar > > --- On *Mon, 7/12/10, Tyson Scott <[email protected]>* wrote: > > > From: Tyson Scott <[email protected]> > Subject: Re: [OSL | CCIE_Security] ICMP v/s CBAC > To: "'Vybhav Ramachandran'" <[email protected]>, "'OSL Security'" < > [email protected]> > Date: Monday, July 12, 2010, 3:56 PM > > TaCACK > > > > Although the product documentation should be used as your primary resource > it isn't always 100% accurate. This may have been the case for ICMP at one > time, but would have had to have been before 12.2T when I started studying. > But what this document states for other IP protocols is true with protocols > like ESP or GRE that are not supported by CBAC. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: > [email protected]<http://us.mc581.mail.yahoo.com/mc/[email protected]> > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Vybhav > Ramachandran > *Sent:* Monday, July 12, 2010 1:52 AM > *To:* OSL Security > *Subject:* [OSL | CCIE_Security] ICMP v/s CBAC > > > > Hello All, > > > > I was going through the CBAC section of the doc-cd yesterday and i found > this : > > > > (Other IP traffic, such as ICMP, cannot be inspected with CBAC and should > be filtered with basic access lists instead.) > > > > I thought CBAC inspect icmp and i labbed it up. I found that ICMP traffic > triggered CBAC session creation and the return traffic was permitted ( even > though i had a "deny ip any any" access-list on the outside interface in an > inbound direction) > > > > Here's the article -> > http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html > > > > Would appreciate your thoughts on this. > > > > Cheers, > > TacACK > > -----Inline Attachment Follows----- > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Best Regards, Tolulope.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
