Debug,
I am trying to answer the question for you by asking the requirements? What is the PAT'd IP for devices behind R2? Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Debug Radius [mailto:[email protected]] Sent: Thursday, November 04, 2010 11:37 AM To: Tyson Scott Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 2A, Task 2.3 Here are lab req: ====On R5 allow http and htts destined to web server located at 9.9.45.4 from anywhere coming thru fa0/1.1256. Traffic filtering shold be done on this external facing interface To pretect this web server from tcp syn attacks, configure R5 to protect this server against atacks. R5 should begin to drop conenctions if the amount of half open conenctions exceeds 300. It should teturn to normal after this number falls below 150. when th erouter does enter aggressive mode change the default behaviour for halsp open sessions. Exclude the PAT'd devices behind R2 The above mentioned web server will be taken down for maintenance and backups between 1;00 am and 3.00am every Wednesday. The maintenance schedule will come into effect on the 1st of the months for next 6 months. Do not allow communication during these maintenance windows=== On Wed, Nov 3, 2010 at 2:31 PM, Tyson Scott <[email protected]> wrote: Debug, What are the requirements of Task 2.3 and what does 9.9.156.2 correlate to? It is R2's outside address but what else is using that same address? Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Debug Radius Sent: Wednesday, November 03, 2010 11:09 AM To: [email protected] Subject: [OSL | CCIE_Security] Lab 2A, Task 2.3 Hello, Could someone explaine the purpose of following lines: ip access-list ext WEB_SERVER deny tcp host 9.9.156.2 host 10.0.45.4 - not sure why is this line here. permit tcp any host 10.0/45.5 - This line is for web server's nated ip address. thanks
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
