Videos: ACIT.in Class Video 2 – ASA ACLs – record date 3/6/2015
Notes:
- Packet tracer is your friend!!!
- packet-tracer input outside icmp 2.2.2.2 8 0 192.168.56.100
- REMEMBER – inspection first, then ACLs for reply packets
- Traceroute – tricky for ACLs – the source sends UDP probes, then the replies are ICMP – time-exceeded and unreachables
- Careful with outbound ACLs – you start blocking everything and need to punch holes
- Objects (one entity) versus object-groups (one or more entities)
- Admin access – by default telnet is disabled – on 8.4/8.6 there is no default password
- For ASDM – enable the http server and set the enable password
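
The inspection and traceroute notes above, sketched as an ASA configuration. This is an added example, not taken from the class or the ACIT workbooks. The ACL name OUTSIDE_IN is an assumption, and the interface name and addresses are reused from the packet-tracer line in the notes.

```cisco
! Added example. OUTSIDE_IN is an assumed ACL name.
!
! 1. Inspection first: with ICMP inspection enabled, echo-replies to
!    pings from inside hosts come back statefully, so no inbound ACL
!    entry is needed for them.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 2. ACLs for the traceroute replies: the outbound probes are UDP, but
!    the answers are ICMP time-exceeded (from each hop) and unreachable
!    (from the final target), so they need explicit entries on the
!    outside interface. "any any" keeps the example short; narrow the
!    destination to the hosts that actually run traceroute.
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-group OUTSIDE_IN in interface outside
!
! 3. Check the ACL decision with packet-tracer, using the same form as
!    the command in the notes (ICMP type, then code):
!    type 11 code 0 = time-exceeded, type 3 code 3 = port unreachable
packet-tracer input outside icmp 2.2.2.2 11 0 192.168.56.100
packet-tracer input outside icmp 2.2.2.2 3 3 192.168.56.100
```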
Practice Labs:
- Task 6 – IP Access-Lists on ASA4 Running 8.2
- Task 7 – Access Lists Using Objects on ASA1 Running 8.6
- Task 8 – Object Groups on ASA4 Running 8.2
- Task 9 – Object Groups Using Objects on ASA1 Running 8.6
- Task 10 – Administrative Access
- Task 11 – ICMP Traffic
- Task 12 – URL Filtering
Hi Anthony,
Do you have any recommendations for CCIE Security lab Workbooks?
Thanks,
I would ask to see samples from the various vendors like INE, IPexpert, Micronics, ACIT – then pick what you believe to be the highest quality. I am loving the Tech Specific ACIT workbooks I have. I have not gotten to their full labs yet.