It is your choice. It really doesn't matter.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Pemasiri Devanarayana
Sent: Tuesday, February 08, 2011 9:28 AM
To: Kingsley Charles
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] DNS inspection on ASA

Hi All,

Thanks for all your responses. So what is the expected method during the lab exam? Can we use a new L7 policy-map or use the existing L7 policy-map?

Regards
Pemasiri

On 2/8/11, Kingsley Charles <[email protected]> wrote:
> You can either use a new L7 policy map or default DNS policy map. Whichever
> is first associated to the global policy will be in effect.
>
> With regards
> Kings
>
> On Tue, Feb 8, 2011 at 2:35 AM, Pemasiri Devanarayana
> <[email protected]> wrote:
>
>> Hi,
>>
>> When I want to inspect on id randomization, message format:
>>
>> 1) Should I create a new L7 policy-map or use the default policy-map of
>> preset_dns_map (policy-map type inspect dns preset_dns_map)?
>>
>> 2) If I use a different L7 policy-map I have to remove the existing DNS
>> inspection, which is also inspecting "message-length maximum 512" by
>> default, and it will also be removed. In that case should I add message
>> length max. 512 in the new L7 policy-map?
>>
>> 3) When I configure match protocol-enforcement, it does not show under
>> running configuration (show running-config policy-map). Is it a bug or is
>> it already in inspection by default?
>>
>> policy-map type inspect dns PM7-DNS
>>  parameters
>>   id-randomization
>> policy-map global_policy
>>  class inspection_default
>>   inspect ftp
>>   inspect h323 h225
>>   inspect h323 ras
>>   inspect netbios
>>
>> Appreciate all experts' correct solution.
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
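
The replacement described in question 2 of the thread, as an added example that is not part of the original messages: a new L7 DNS map that carries over the default 512-byte limit and takes the place of preset_dns_map in the global policy. It assumes the stock ASA 8.x default configuration, in which global_policy already contains "inspect dns preset_dns_map"; PM7-DNS is the map name used in the thread.

```cisco
! Added example, not from the original thread.
! Assumption: the factory default is still in place, i.e.
!   policy-map type inspect dns preset_dns_map
!    parameters
!     message-length maximum 512
!   policy-map global_policy
!    class inspection_default
!     inspect dns preset_dns_map
!
! New L7 map. Settings that lived in preset_dns_map do not follow the
! class automatically, so the 512-byte limit is restated here.
policy-map type inspect dns PM7-DNS
 parameters
  message-length maximum 512
  id-randomization
  ! protocol-enforcement is a parameters command, not a match command.
  ! It is on by default, and default values are normally not listed by
  ! "show running-config", so entering it explicitly changes nothing.
  protocol-enforcement
!
! Only one DNS inspection can be attached to the class, so the default
! one is removed before the new map is applied.
policy-map global_policy
 class inspection_default
  no inspect dns preset_dns_map
  inspect dns PM7-DNS
!
! Verification:
!   show running-config policy-map
!   show running-config all policy-map   (also lists default values)
!   show service-policy inspect dns
```

Between the "no inspect dns" line and the "inspect dns PM7-DNS" line the class performs no DNS inspection, so the two commands are best entered back to back.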
