You would be correct sir.
Somehow I did not read that answer correctly _three_ times.
Sorry bout the incorrect answer
-----Original Message-----
From: Tony van Ree [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 10, 2001 3:49 PM
To: COULOMBE. TROY; [EMAIL PROTECTED]
Subject: RE: Access-list , Cisco exam question [7:41]
Hi,
I would answer
a. telnet sessions will be denied if initiated from any address other than
172.16.0.0 network
Afterall the access list specifically says permit those sessions established
by the 172.16.0.0 network and nothing else is specified therefore I would
assume the implicit deny at this point.
Just a thought.
Teunis
Hobart, Tasmania
Australia
On Tuesday, April 10, 2001 at 12:32:08 PM, COULOMBE. TROY wrote:
> Poorly worded,
> I would have answered (C); because of the keyword (to).
>
> But I guess it depends!
> What I see this access list doing is: allowing return packets of any
telnet
> session established from 172.16.x.x to _any_ other network.
>
> If 172.16.x.x is an external network, then I might (struggle &) say (D).
> Then what the access-list is really saying, and I am assuming that it is
> applied on in interface as "in", is that any telnet session created from
> internal network to the 172.16.x.x net may come back in (established).
And
> any telnet session created to another network (172.31.x.x) would not be
> allowed--return packets dropped, but the initial outgoing packet to
> establish the connection would go out to 172.31.x.x.
>
>
> If 172.16.x.x is an internal network, then I would say (C).
> Then the access-list would be saying, and with another assumption that it
is
> also applied on an interface as "in", is that any telnet session return
> packets may come back to the 172.16.x.x (established).
>
> established : For the TCP protocol only; indicates an
> established connection. A match occurs
> if the TCP datagram has the ACK or RST
> bits set. The nonmatching case is that of
> the initial TCP datagram to form a connection.
>
>
> HTH,
> TroyC
>
>
>
> -----Original Message-----
> From: Arthur Simplina [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 10, 2001 3:49 AM
> To: [EMAIL PROTECTED]
> Subject: Access-list , Cisco exam question [7:41]
>
>
> What is the result of the command?
>
> access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed
>
> a. telnet sessions will be denied if initiated from any address other than
> 172.16.0.0 network
> b. telnet sessions will be denied to the 172.16.0.0 network only
> c. telnet sessions will be permitted regardless of the source address
> d. telnet sessions will be permitted to the 172.16.0.0 network only
> e. telnet sessions will be denied regardless of the source address
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
--
www.tasmail.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=222&t=41
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
