I had a reliable resource say that when they used it two times, it caused the access to the documentation to go down. As if it was being blocked because someone, him, attempted to use the search function. So at this point I would still not rely on it.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: [email protected] [mailto:[email protected]] On Behalf Of Yogesh Gawankar
Sent: Monday, July 12, 2010 2:43 AM
To: OSL Security
Subject: Re: [OSL | CCIE_Security] ICMP v/s CBAC

Great. So we can't trust config guides, and as I heard from someone, sometimes you can't access the config guides too :) It gets better. Any idea if we can use the search function in the lab? I have been getting mixed reports on this.

Thanks and regards
Yogesh Gawankar

--- On Mon, 7/12/10, Tyson Scott <[email protected]> wrote:

From: Tyson Scott <[email protected]>
Subject: Re: [OSL | CCIE_Security] ICMP v/s CBAC
To: "'Vybhav Ramachandran'" <[email protected]>, "'OSL Security'" <[email protected]>
Date: Monday, July 12, 2010, 3:56 PM

TaCACK,

Although the product documentation should be used as your primary resource, it isn't always 100% accurate. This may have been the case for ICMP at one time, but would have had to have been before 12.2T when I started studying. But what this document states for other IP protocols is true with protocols like ESP or GRE that are not supported by CBAC.

Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP

From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran
Sent: Monday, July 12, 2010 1:52 AM
To: OSL Security
Subject: [OSL | CCIE_Security] ICMP v/s CBAC

Hello All,

I was going through the CBAC section of the doc-cd yesterday and I found this:

(Other IP traffic, such as ICMP, cannot be inspected with CBAC and should be filtered with basic access lists instead.)

I thought CBAC inspects ICMP and I labbed it up. I found that ICMP traffic triggered CBAC session creation and the return traffic was permitted (even though I had a "deny ip any any" access-list on the outside interface in an inbound direction).

Here's the article -> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Would appreciate your thoughts on this.

Cheers,
TacACK

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
