Hi Piotr, Yeah, I would think it would be a good question, however my previous experience was not that good when I came with a question like this to him.
In routing protocols I would assume the same thing right? If I know that by redistributing protocols that would create a full convergency, but the question only says you need a VPN tunnel from A to B but they dont tell u how, it would be better to check with the proctor? Mike Sent from my iPhone On Apr 29, 2013, at 7:09 PM, "Piotr Kaluzny" <[email protected]> wrote: > Mike > > Same as what I have told the students today in the class - in a typical > scenario all traffic from higher -> lower is OK. Obviously if they restrict > you some way to be as specific as possible, then you gotta modify the ACL on > a per-case basis > > This also applies to the transparent ASA where e.g. IPv4 multicast traffic is > dropped from higher to lower - then you could create a "permit all" ACL for > the inside, but once again - unless they tell you be specific. > > That would a good question to the proctor, by the way. > > Regards, > -- > Piotr Kaluzny > CCIE #25665 (Security), CCSP, CCNP > Sr. Technical Instructor - IPexpert, Inc. > URL: http://www.IPexpert.com > > > On Tue, Apr 30, 2013 at 1:43 AM, Mike Rojas <[email protected]> wrote: >> Sam and Team, >> >> I was checking the VoDs (They are good) and a question pops up. In normal >> circumstances the ASA is going to allow everything from a higher to lower >> security level. >> >> This is where I got confused the other day. If we are tasked to configure a >> global ACL, all the packets from a higher to lower security level are going >> to be dropped unless allowed by the global ACL. So the big question, if in >> the test, and something like this pops up, what do we do? Do we allow the >> protocols needed for the lab or we allow it based on the behavior it should >> be? >> >> Thats kinda of where the question goes... >> >> (Btw, I still dont see the DSG for the remaining workbooks, ie ASA). >> >> Regards. >> >> Mike. >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
