Hi, Just joined and currently working on lab 9 of the IPExpert Workbook. When I look at the latest downloaded final configuration for question 2 (R4's lambeau ACL), it specifically lists a line matching return traffic for web servers followed by a line matching return traffic from FTP servers:
permit tcp 10.1.1.0 0.0.0.255 eq www any remark that line covers the replies from web servers on the inside permit tcp 10.1.1.0 0.0.0.255 any established remark that line is necessary for the FTP server responses since ports vary Would the answer not also be possible to be the following: 1. Just the established line or 2. add gt 1024 to the FTP entry (not a stated requirement, though, I think) Further, the answers seem to take server ports into account, but not client ports, when specific entries are asked and to allow remaining traffic, if only certain flows are explicitly stated to be blocked. Is this normal lab practice, so to speak, or is it typically something to ask the proctor? Kind regards, Kim Blom
