Refer to the exhibit. Which option is a result of this configuration?
A.
All ingress traffic on the inside interface that matches the access list is redirected.
B.
All egress traffic on the outside interface that matches the access list is redirected.
C.
All TCP traffic that arrives on the inside interface is redirected.
D.
All ingress and egress traffic is redirected to the Cisco FirePOWER module.
Service policy is applied to inside interface with ACL and Class map.
Answer should be — A
3
0
A service policy only for inside (in by default) attached
4
0
This doc refers to option D; please correct if wrong.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/mpf_service_policy.pdf
0
0
Monty, you are right to say that the documentation says that traffic is filtered bydirectionnaly if applied to an interface.
However, one must also take into consideration the source IP addresses permitted by the access-list used in the class-map. Therefore, NOT ALL ingress and egress traffic will be sent to SFR, only traffic permitted by redirect-acl will make it to the SFR.
“A” is therefore the best answer, though an incomplete answer. A complete answer would have been “Ingress and egress traffic matching the access-list will be redirected” but that answer is not a choice.
3
0