Hi Guys,

In this task, why is so much effort put into writing such an ACL? Is it not easier to just do

deny IN-FILTER WEB-MAINT deny IN-FILTER WEB-MAINT permit ip any any

? It does not state anywhere that it is not allowed to pass any other traffic. But in this example great effort is made to permit NTP and BGP peerings; it seems a hassle to me?

The other thing is, why is

ip access-list extended WEB_SERVER
 deny tcp host 9.9.156.2 host 10.10.45.4 <--

done? In my video it says that this is because we do not want the ACS server to be checked by TCP intercept, and this is the translated address, but that's not true? In the previous task we translated the ACS server to 9.2.1.100, as per the book task. 9.9.156.2 is the interface address of R2, namely gi0/1.1256.

Rgds,
Alef
