Thank you Tyson.. On Tue, Feb 8, 2011 at 6:28 PM, Tyson Scott <[email protected]> wrote:
> It is your choice. It really doesn't matter. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Pemasiri > Devanarayana > Sent: Tuesday, February 08, 2011 9:28 AM > To: Kingsley Charles > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] DNS inspection on ASA > > Hi All, > > thanks for all your responses.. so what is the expected method in > during the lab exam.. can we use new L7 policy-map or use the existing > L7 Policy-map. > > Regards > Pemasiri > > On 2/8/11, Kingsley Charles <[email protected]> wrote: > > You can either use a new L7 policy map or default DNS policy map. Which > ever > > is first associated to the global policy will be in effect. > > > > With regards > > Kings > > > > On Tue, Feb 8, 2011 at 2:35 AM, Pemasiri Devanarayana > > <[email protected]>wrote: > > > >> Hi, > >> > >> when I want to inspect on id randamization, massage format > >> > >> 1) should i create new L7 policy-map or use the default policy-map of > >> preset_dns_map (policy-map type inspect dns preset_dns_map)..? > >> > >> 2) if I use different L7 Policy-map I have to remove the existing dns > >> inspection which is also inspecting "message-length maximum 512" by > >> default > >> and it will also will remove, in that case should i add message lenth > max. > >> 512 in the new L7 policy-map..? > >> > >> 3) when I configure match protocol-enforcement, it does not show under > >> running configuration. (show running-config policy-map), it's bug or its > >> already in inspection by default..? > >> > >> policy-map type inspect dns PM7-DNS > >> parameters > >> id-randomization > >> policy-map global_policy > >> class inspection_default > >> inspect ftp > >> inspect h323 h225 > >> inspect h323 ras > >> inspect netbios > >> > >> Appreciate all expertises' correct solution. > >> > >> > >> > >> _______________________________________________ > >> For more information regarding industry leading CCIE Lab training, > please > >> visit www.ipexpert.com > >> > >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
