Thanks for the answer Dan, hope you get your number this time. Cheers, Kent
On Sat, Dec 14, 2013 at 4:54 AM, Dan Gericke <d...@syssec.biz> wrote: > Hi Kent, > I just took my lab (2nd attempt) today. > 1. For icmp, you can do any any. For anything else, I’d keep it as > specific as possible. > For example, you almost always need to do NTP. I guess you could do > permit udp any host ntpserverip eq 123, but I always do the more specific > hosts just in case. It’s easy to do in an object-group of NTP clients. > 2. There’s only a few tasks that ask you to make sure you can ping all > major networks. You’ll likely have many interdependent tasks, so it > wouldn’t hurt to run a ping script. In CCIE Security, you have to remember > not every client should be able to each every IP, sometimes things are > VPN’d, VRF’d, or not accessible for one reason or another. > -Dan > > On Dec 13, 2013, at 3:31 PM, Kent Modes <kentmo...@gmail.com> wrote: > > Hi Guys, > > The big day is coming and here are some questions that I am having once it > is going to be my first attempt. > > 1. When configuring ACLs in ASA for ICMP, NTP, TELNET, etc. if the > question is not mentioning, how much specific do we need to be (e.g. > any/any; 10.0.0.0/24; host) ? > 2. Like in the R&S exam, do we have to be sure of full connectivity in the > lab (creating scripts and pinging everywhere) ? Or as long as the show > matches the output should be enough ? > > I'm looking to hear from you guys. > > Best Regards, > Kent J Modes > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > > >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
