It all depends on therequirment. By using acl you can specify which server to inspect and which server not to inspect and then appl it to any interface you want.
However the second way inspects all the smtp traffic passing through the interface. Essentially it all depends on the requirement. On Friday, December 23, 2011, Andrey Klyuchka <[email protected]> wrote: > You can use both on lab, but there are some thoughts: > use second method if you need simple any-to-any smtp inspection on custom ports for new custom policy-map (inspect esmtp included in default global policy); > in first case you will be easier to specify an inspection policy for particular smtp server, like this: > access-list SMTP permit tcp any host 1.1.1.1 eq smtp > class-map SMTP > match access-list SMTP > Best regards, > Andrey > > -- > Andrey Klyuchka :: CCIE #30274 (Security) > Twitter: http://twitter.com/bitstriker > LinkedIn: http://kz.linkedin.com/in/andreyklyuchka > > > > On Dec 23, 2011, at 3:44 PM, Piotr Tokarzewski wrote: > > Hi all, > > > > Is there any difference between this two: > > > > access-list SMTP permit tcp any any eq smtp > class-map SMTP > match access-list SMTP > > > > and > > > > class-map SMTP > match port tcp smtp > > > > > > Which one we should use on exam > > > > Thanks > Piotr > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com > -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
