Dear Kamran,

I think inspect icmp only allows ICMP echo-reply from outside where the echo request is from inside. You still need an access-list for echo-request sourced from outside to work.

Inspect ipsec-pass-through allows the establishment of IKE phase 2, which allows you to send encrypted packets from inside to outside. You still need an access-list to send encrypted traffic from outside to inside.

In both cases you have to create an access-list for traffic sourced from outside. That is my own view; I stand to be corrected.

Regards,
Wale

________________________________
From: kamran shakil <[email protected]>
To: [email protected]
Sent: Tue, January 18, 2011 5:39:48 AM
Subject: [OSL | CCIE_Security] INSPECTIONS !!! (ASA in the game!)

Dear Guys,

Just 2 simple questions to clarify for the exam: Inspect ICMP and Inspect IPSEC-PASS-THRU.

I believe that for the above Inspect ICMP, the corresponding command is PERMIT ICMP ANY ANY from outside->inside, while for Inspect IPSEC-PASS-THRU, the corresponding command is esp any any and isakmp any any? Am I right!!!

If I am right... then in the exam, if it is NOT clearly mentioned or pointed out whether I should use Inspections for the above or ACLs as described above, which one shall I consider to be the first choice, priority!

Waiting for reply!

Regards and truly,
Kamran Shakil.
