cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
180
Views
0
Helpful
1
Replies

consider this qustion

Consider the following configuration:

access-list INSIDE-IN permit ip object INSIDE-SEGMENT any

access-list OUTSIDE-OUT permit tcp 10.0.0.0 255.255.255.0 any eq https

access-list GLOBAL-ACL deny ip any any

object network INSIDE-SEGMENT

subnet 10.0.0.0 255.255.255.0

nat (inside,any) dynamic 209.165.200.254 interface

access-group INSIDE-IN in interface inside

access-group OUTSIDE-OUT out interface outside

access-group GLOBAL-ACL global

If host 10.0.0.108 on the inside interface initiates an HTTP connection to server

192.0.2.150 on the Internet, will it be permitted through the ASA?

a. Yes, it will be permitted.

b. No, it will be denied.

according the book the ans is B

but my according the ans is A

please explain.

Everyone's tags (5)
1 REPLY 1
Highlighted

consider this qustion

Hello,

Answer is A as the ACL interface will go first

More specific first

Regards.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC