1) Are you talking about Port Redirection ? Question isnt too clear. 2) I would ask the Proctor to confirm that question. You'd safe yourself crucial time.
3) I havent come across such a scenario, but essentially, that would mean you design is only allowing inbound traffic and not outbound. But then again, if that was the case, and you so happened to be told to pass IP Traffic from outside to inside, just like you mentioned in your second question, then you can safely assume (maybe not - others can clarify) that you'd need to pass the same traffic in the reverse direction. It wouldnt be pass IP though, because in that case, if you are passing IP inbound and outbound then you'd be defeating the whole purpose of the ZFW. Mark On Tue, Feb 8, 2011 at 3:26 PM, Pemasiri Devanarayana <[email protected]>wrote: > Hi All, > > I have the following questions and appreciate your correct solutions how we > face those in the real lab exam.. > > 1) if a question asked you to configure nat for allow ftp/http or dns > doctoring etc.. do we need to configure to allow those traffic > (http/ftp/dns etc.) on the firewall outside interface in addition to the > question stated NAT configurations..? > > 2. in ZBF if the question said traffic (any ip traffic) from zone x to zone > y should be allowed...how do we know whether its the class-map with pass or > class map with inspect..?? > We know that pass will not have return traffic allow and not state table, > but how do we understand whether it should be configured for pass or > inspect..? > > 3) again in ZBF...if the question does not ask anything about from Inside > to outside, should we still inspect the traffic from inside to outside..? > > thanks > Pemasiri > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
