Hi.. Yeah B and C are correct.. I think you are thinking in reverse direction..
Static and Conduit/Access-list are used for allowing access to traffic from low security interfaces to high security interfaces... Static translation will take precedence over nat bcos the static commands creates a tranlslation as soon as the command is entered.. Cheers.. Tribavan Raina Network Consultant TechTonics Group Limited Level 31 Grand Plimmer Tower 2-6 Gilmer Terrace PO Box 11 199 Wellington Ph: +64 4 385 2628 Fax: +64 4 385 2400 www.techtonics.co.nz -----Original Message----- From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 11, 2002 8:59 AM To: [EMAIL PROTECTED] Subject: Static over glaobal and nat [7:46223] Can someone explain if B and C are the correct answer?? I thought static with conduit alolows traffic from High interface to low interface , Please correct me if otherwise. Practice test for: Cisco MCNS 2.0 Test #2 Incorrect. Your answer was: B D The correct answer(s): B C Which of the following statements is true?? A.) nat and global take precedence over statics command B.) Static and conduits must be configured to allow traffic to originate from an interface with a lower security value specified with the nameif command through the PIX firewall to an interface with a higher security value. C.) Statics take precedence over nat and global command pairs D.) Static and conduits must be configured to allow traffic to originate from an interface with a higher security value specified with the nameif command through the PIX firewall to an interface with a lower security value Statics take precedence over nat and global command pairs, which means that nat 1 0 0 only grants outbound access to hosts not specified in the static statement. Static and conduits must be configured to allow traffic to originate from an interface with a lower security value specified with the nameif command through the PIX firewall to an interface with a higher security value. For example, a static and conduit must be configured to allow incoming sessions from the outside interface to the DMZ interface, or from the outside interface to the inside interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46231&t=46223 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
