Guys, Strange situation. Two conflicting sources of information. Yusuf lab 2, task 2.4 asks to configure java blocking with CBAC and the solution is to use the permit ACL giving the following explanation:
"To allow the trusted site for Java traffic, you need to use a permit statement in the java-list ACL. It is a common misconception to use a deny statement. The implicit deny statement drops Java packets from any other site automatically" I'm totally OK with it and this is what I thought is the right way. Then I'm listening to IPX audio training on the same topic and I hear quite an opposite. Brandon Carol says the following: "We create an ACL Access-list 12 deny 10.1.1.100 Access-list 12 permit any Denies will be our exemptions for people that do not get filtered by the java list and the permit for everybody else and they would in fact be filtered by the java list" I'm trying to test it in my lab and configured it with both deny and permit statements and to my surprise it is allowed regardless of the action in the ACL. I'm trying to access ACS server because its GUI is java-based from the Test PC through the router with CBAC http inspect configured as follows: ip inspect name CBAC http java-list 1 Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
