Hi Kent, I just took my lab (2nd attempt) today. 1. For icmp, you can do any any. For anything else, I’d keep it as specific as possible. For example, you almost always need to do NTP. I guess you could do permit udp any host ntpserverip eq 123, but I always do the more specific hosts just in case. It’s easy to do in an object-group of NTP clients. 2. There’s only a few tasks that ask you to make sure you can ping all major networks. You’ll likely have many interdependent tasks, so it wouldn’t hurt to run a ping script. In CCIE Security, you have to remember not every client should be able to each every IP, sometimes things are VPN’d, VRF’d, or not accessible for one reason or another. -Dan
On Dec 13, 2013, at 3:31 PM, Kent Modes <kentmo...@gmail.com> wrote: > Hi Guys, > > The big day is coming and here are some questions that I am having once it is > going to be my first attempt. > > 1. When configuring ACLs in ASA for ICMP, NTP, TELNET, etc. if the question > is not mentioning, how much specific do we need to be (e.g. any/any; > 10.0.0.0/24; host) ? > 2. Like in the R&S exam, do we have to be sure of full connectivity in the > lab (creating scripts and pinging everywhere) ? Or as long as the show > matches the output should be enough ? > > I'm looking to hear from you guys. > > Best Regards, > Kent J Modes > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
