For the exam I would do what the task says. And NOT overdo or overthink.

On Sunday, September 2, 2012, Eugene Pefti wrote:

> I assume it is only for the situation when you need to control outbound
> traffic. For the purpose of CCIE lab should we bother with outbound ACL? It
> is trusted traffic per ASA security levels.
>
> Sent from iPhone
>
> On Sep 2, 2012, at 11:13 AM, "Fawad Khan" <[email protected]> wrote:
>
> The best scenario would be to have acl on both interfaces to allow
> communication from either side.
> I would add inbound acl on the outside interface and inside interface.
>
> On Sunday, September 2, 2012, Eugene Pefti wrote:
>
>> Hello folks,
>>
>> I have a rhetorical question.
>>
>> I believe this is a classic task when BGP peers need to authenticate
>> through the ASA but my question is not about it.
>>
>> One of my BGP peers is on outside of the ASA and the other is inside. The
>> ACL on ASA doesn’t allow BGP traffic from the outside peer and I see
>> corresponding denies when it tries to talk to the inside peer.
>>
>> But nothing prevents the inside peer from establishing the active session with
>> its outside peer and they successfully do it.
>>
>> Now the question. Would you add the ACL on the ASA outside interface
>> to allow BGP traffic from the outside peer to the inside one or as long as
>> they can establish the session that originates from the inside BGP peer we
>> are OK?
>>
>> Eugene
>
> --
> FNK, CCIE Security#35578

--
FNK, CCIE Security#35578
