Hi Mike,
Good question. This really depends on the task. If they explicitly tell you to use global ACL's, then you must use it. Else you can use the interface ACL's. If they don't specify or indicate global ACL feature, then choose a solution which is simple and not complicated and the solution should not break other tasks. Finally, you can ask the proctor for further clarification. The DSG for volume 1 should be released within a week for the remaining sections. Samarth Chidanand Sr Instructor / Developer - IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: [email protected] [mailto:[email protected]] On Behalf Of Mike Rojas Sent: Tuesday, April 30, 2013 5:13 AM To: [email protected] Subject: [OSL | CCIE_Security] ACL order of Operation Sam and Team, I was checking the VoDs (They are good) and a question pops up. In normal circumstances the ASA is going to allow everything from a higher to lower security level. This is where I got confused the other day. If we are tasked to configure a global ACL, all the packets from a higher to lower security level are going to be dropped unless allowed by the global ACL. So the big question, if in the test, and something like this pops up, what do we do? Do we allow the protocols needed for the lab or we allow it based on the behavior it should be? Thats kinda of where the question goes... (Btw, I still dont see the DSG for the remaining workbooks, ie ASA). Regards. Mike.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
