Somewhere in that lab I remember it stating a requirement that BGP and NTP must be functional throughout the topology. Why would you want simple acls in a security lab? ;)
On Mon, Jul 4, 2011 at 7:59 AM, Alef <[email protected]> wrote:
> Hi Guys,
> In this task, why is so much effort put into writing such an acl?
>
> is it not easier to just do
>
> deny IN-FILTER WEB-MAINT
> deny IN-FILTER WEB-MAINT
> permit ip any any
>
> ? It does not state anywhere that it is not allowed to pass any other
> traffic. But in this example great effort is made to permit ntp and bgp
> peerings, it seems a hassle to me ?
>
> The other thing is, why is
>
> ip access-list extended WEB_SERVER
> deny tcp host 9.9.156.2 host 10.10.45.4 <-- done ?
>
> In my video it says that this is because we do not want the ACS server to
> be checked by tcp intercept, and this is the translated address, but that's
> not true? In the previous task we translated the ACS server to 9.2.1.100, as
> per the book task. 9.9.156.2 is the interface address of R2, namely
> gi0/1.1256
>
> rgds,
> Alef
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>

--
Jay Taylor
CCIE #28391
@JTIE_6EE7
