Mike,

Same as what I have told the students today in the class - in a typical scenario all traffic from higher -> lower is OK. Obviously if they restrict you in some way to be as specific as possible, then you gotta modify the ACL on a per-case basis.

This also applies to the transparent ASA where e.g. IPv4 multicast traffic is dropped from higher to lower - then you could create a "permit all" ACL for the inside, but once again - unless they tell you to be specific. That would be a good question to the proctor, by the way.

Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com

On Tue, Apr 30, 2013 at 1:43 AM, Mike Rojas <mike_c...@hotmail.com> wrote:

> Sam and Team,
>
> I was checking the VoDs (they are good) and a question pops up. In normal
> circumstances the ASA is going to allow everything from a higher to lower
> security level.
>
> This is where I got confused the other day. If we are tasked to configure
> a global ACL, all the packets from a higher to lower security level are
> going to be dropped unless allowed by the global ACL. So the big question,
> if in the test, and something like this pops up, what do we do? Do we allow
> the protocols needed for the lab or do we allow it based on the behavior it
> should be?
>
> That's kinda where the question goes...
>
> (Btw, I still don't see the DSG for the remaining workbooks, i.e. ASA).
>
> Regards.
>
> Mike.
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
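A simplified model of the rule order discussed in this thread, as an added example that is not part of the original messages. It shows why a global ACL removes the implicit higher -> lower permit, and why a global "permit all" is broader than a "permit all" applied only to the inside. The interface names, security levels, addresses and rule sets are constructed, and the evaluation order (interface ACL, then global ACL, then implicit deny, with security levels deciding only when no ACL applies) is an assumption based on Cisco's documented routed-mode ASA behaviour.

```python
# Simplified model of ASA access-rule evaluation for a NEW connection.
# Assumptions: routed mode, no NAT, stateful return traffic not modelled.
from ipaddress import ip_address, ip_network

LEVELS = {"inside": 100, "dmz": 50, "outside": 0}  # constructed topology
ANY = "0.0.0.0/0"
INSIDE_NET = "10.1.1.0/24"                         # constructed subnet

def match(acl, src, dst):
    """First-match lookup: 'permit', 'deny', or None when no entry matches."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action
    return None

def decide(in_if, out_if, src, dst, interface_acls=None, global_acl=None):
    """Return 'permit' or 'deny' for a new connection arriving on in_if."""
    interface_acls = interface_acls or {}
    # 1. The inbound interface ACL is checked first.
    if in_if in interface_acls:
        verdict = match(interface_acls[in_if], src, dst)
        if verdict:
            return verdict
    # 2. A global ACL applies to ingress traffic on every interface and
    #    ends in an implicit deny, so security levels no longer help.
    if global_acl is not None:
        return match(global_acl, src, dst) or "deny"
    # 3. An interface ACL without a global ACL also ends in an implicit deny.
    if in_if in interface_acls:
        return "deny"
    # 4. No ACL at all: only higher -> lower is allowed.
    return "permit" if LEVELS[in_if] > LEVELS[out_if] else "deny"

# Constructed rule sets: (action, source network, destination network)
SPECIFIC = [("permit", INSIDE_NET, "192.0.2.10/32")]  # only what the task needs
PERMIT_ALL = [("permit", ANY, ANY)]
FROM_INSIDE = [("permit", INSIDE_NET, ANY)]           # restores inside -> lower only

if __name__ == "__main__":
    out = ("inside", "outside", "10.1.1.5", "198.51.100.7")
    back = ("outside", "inside", "203.0.113.9", "10.1.1.5")
    for name, kw in [("no ACL", {}),
                     ("global specific", {"global_acl": SPECIFIC}),
                     ("global permit all", {"global_acl": PERMIT_ALL}),
                     ("global from inside", {"global_acl": FROM_INSIDE}),
                     ("inside permit all + global specific",
                      {"interface_acls": {"inside": PERMIT_ALL}, "global_acl": SPECIFIC})]:
        print(f"{name:38} out={decide(*out, **kw):6} in={decide(*back, **kw)}")
```

The "global permit all" row is the one to watch: it permits the outside -> inside connection as well, which the default security-level behaviour would have dropped.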