cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
353
Views
0
Helpful
1
Replies

consider this qustion

gaurav bhardwaj
Level 1
Level 1

Consider the following configuration:

access-list INSIDE-IN permit ip object INSIDE-SEGMENT any

access-list OUTSIDE-OUT permit tcp 10.0.0.0 255.255.255.0 any eq https

access-list GLOBAL-ACL deny ip any any

object network INSIDE-SEGMENT

subnet 10.0.0.0 255.255.255.0

nat (inside,any) dynamic 209.165.200.254 interface

access-group INSIDE-IN in interface inside

access-group OUTSIDE-OUT out interface outside

access-group GLOBAL-ACL global

If host 10.0.0.108 on the inside interface initiates an HTTP connection to server

192.0.2.150 on the Internet, will it be permitted through the ASA?

a. Yes, it will be permitted.

b. No, it will be denied.

according the book the ans is B

but my according the ans is A

please explain.

1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

Answer is A as the ACL interface will go first

More specific first

Regards.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: