Lesson 5 Flashcards
Since the security appliance processes ACLs before any address translation is performed, you should place the __________ in the ACL that the appliance will see in the actual packet header.
source address
For traffic moving from higher to lower security:
– The source address argument of the ACL command is the actual local (real) address of the host or network.
For traffic moving from lower to higher security:
– The destination address argument of the ACL command is the translated global (mapped) IP address (a public address, typically).
Pinging ASA Interfaces
fw1(config)# icmp permit host 172.16.100.2 echo-reply outside
Permits all unreachable messages at the outside interface and denies all ping requests at the outside interface
icmp permit any unreachable outside
By default, pinging through the security appliance to a security appliance interface __________
is not allowed.
Enables echo-reply traffic from subnet 142.232.199.0/24 at the outside interface through the security appliance to all inside hosts. (An address translation is also required.)
access-list PING-IN permit icmp 142.232.199.0 255.255.255.0 any echo-reply
access-group PING-IN in interface outside