Tacack,
I don't have an answer to your question but another question. Why would "router-traffic" (Inbound) allow the packets?

Johan

From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran
Sent: 25 November 2010 12:56 PM
To: OSL Security
Subject: [OSL | CCIE_Security] Doubt in Lab 15

Hello All,

Here's the scenario:

<---------------->(s0/1/0) R5 (fa 0/1) <------------------>

There's an ACL inbound on the s0/1/0 interface blocking everything but ICMP packets. Also, there is CBAC applied "outbound" on the s0/1/0 which looks at TCP, UDP and ICMP (as per the question).

Now, in a future task, R5 is to sync with an NTP master through the s0/1/0 network. For this, there are 2 solutions:

1) Open up a hole in the inbound ACL on the s0/1/0 to permit NTP packets
2) Modify the CBAC session configured on s0/1/0 to inspect "router-traffic"

Now, what I was wondering was, if I used the second solution method, would I be losing points for the first CBAC task? I know configuring extra doesn't affect the grading, but I was a little concerned.

Cheers,
TacACK
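The two options from the original question, written out as an added IOS configuration sketch (not part of either post and not the lab's official solution). The inspection rule name CBAC, the ACL name INBOUND and the NTP master address 192.0.2.1 are assumptions made for illustration.

```cisco
! Baseline as described in the question.
! Names CBAC and INBOUND are assumed, not taken from the lab.
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC icmp
!
ip access-list extended INBOUND
 permit icmp any any
 deny   ip any any
!
interface Serial0/1/0
 ip access-group INBOUND in
 ip inspect CBAC out
!
! 192.0.2.1 is a constructed placeholder for the NTP master.
ntp server 192.0.2.1
!
! Option 1: static hole in the inbound ACL for NTP (UDP port 123).
! The opening is permanent and exists whether or not R5 has sent a request.
ip access-list extended INBOUND
 no deny ip any any
 permit udp host 192.0.2.1 eq ntp any eq ntp
 deny   ip any any
!
! Option 2: leave the ACL untouched and extend the UDP inspection.
! Without router-traffic, CBAC tracks only traffic passing through the
! router. With it, sessions originated by R5 itself are tracked too,
! so the NTP reply matches a temporary opening in the inbound ACL.
ip inspect name CBAC udp router-traffic
```

With option 2, `show ip inspect sessions` should list the UDP session to the NTP master and `show ntp associations` should show R5 synchronizing, while the inbound ACL still contains no static NTP entry.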
