Hi,

Thanks for all your inputs/feedback.

My 1st question again is: let's say that the question only asks to allow outside users to access the webserver via www.xxxx.com and inside users to access it via http://x.x.x.x:80. For that we use the following:

    nat (inside,outside) Nated_IP, real_ip dns

So, do we also need to have an ACL on the firewall to allow http/https?

    access-list outside extended permit tcp any host <nated-ip> eq 80/443

thanks
Pemasiri

On Wed, Feb 9, 2011 at 3:46 AM, Mark Senteza <[email protected]> wrote:

> 1) Are you talking about Port Redirection? Question isn't too clear.
>
> 2) I would ask the Proctor to confirm that question. You'd save yourself
> crucial time.
>
> 3) I haven't come across such a scenario, but essentially, that would mean
> your design is only allowing inbound traffic and not outbound. But then
> again, if that was the case, and you so happened to be told to pass IP
> traffic from outside to inside, just like you mentioned in your second
> question, then you can safely assume (maybe not - others can clarify) that
> you'd need to pass the same traffic in the reverse direction. It wouldn't be
> pass IP though, because in that case, if you are passing IP inbound and
> outbound then you'd be defeating the whole purpose of the ZFW.
>
> Mark
>
> On Tue, Feb 8, 2011 at 3:26 PM, Pemasiri Devanarayana
> <[email protected]> wrote:
>
>> Hi All,
>>
>> I have the following questions and would appreciate your correct solutions
>> for how we face those in the real lab exam.
>>
>> 1) If a question asks you to configure NAT to allow ftp/http or DNS
>> doctoring etc., do we need to configure the firewall outside interface to
>> allow that traffic (http/ftp/dns etc.) in addition to the NAT
>> configuration stated in the question?
>>
>> 2) In ZBF, if the question says traffic (any IP traffic) from zone x to
>> zone y should be allowed, how do we know whether it's the class-map with
>> pass or the class-map with inspect?
>> We know that pass will not allow return traffic and has no state table,
>> but how do we understand whether it should be configured for pass or
>> inspect?
>>
>> 3) Again in ZBF, if the question does not ask anything about inside
>> to outside, should we still inspect the traffic from inside to outside?
>>
>> thanks
>> Pemasiri
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
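Added example, not part of the original thread and not either poster's configuration: an IOS zone-based firewall configuration showing the pass versus inspect difference raised in question 2 and in Mark's point 3. Zone, interface, ACL, class-map and policy-map names are placeholders, and the two variants are alternatives for the same X-to-Y zone-pair.

```cisco
! Constructed example: all names and interfaces below are placeholders.
zone security X
zone security Y
!
interface GigabitEthernet0/0
 zone-member security X
interface GigabitEthernet0/1
 zone-member security Y
!
ip access-list extended ACL-ANY-IP
 permit ip any any
!
class-map type inspect match-all CM-ANY-IP
 match access-group name ACL-ANY-IP
!
! Variant 1: inspect. Sessions opened from X to Y are tracked in the state
! table, so replies from Y are allowed back without any Y-to-X policy.
policy-map type inspect PM-X-TO-Y-INSPECT
 class type inspect CM-ANY-IP
  inspect
 class class-default
  drop
!
zone-pair security ZP-X-TO-Y source X destination Y
 service-policy type inspect PM-X-TO-Y-INSPECT
!
! Variant 2: pass. No state is kept, so the reverse direction needs its own
! zone-pair and policy, otherwise replies from Y to X are dropped.
policy-map type inspect PM-X-TO-Y-PASS
 class type inspect CM-ANY-IP
  pass
 class class-default
  drop
policy-map type inspect PM-Y-TO-X-PASS
 class type inspect CM-ANY-IP
  pass
 class class-default
  drop
!
! For variant 2, attach PM-X-TO-Y-PASS to ZP-X-TO-Y instead of the inspect
! policy above (a zone-pair takes one service-policy), then add the reverse:
zone-pair security ZP-Y-TO-X source Y destination X
 service-policy type inspect PM-Y-TO-X-PASS
```

With variant 2 in place, hosts in Y can also open new connections to X, which is the trade-off Mark's third point describes.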
