Question

1 Approved Answer

Posted on Sep 24, 2024

Fill in the blanks in the following slides (Hint: there are 12) 1. allow outbound sessions to the Internet 2. allow queries to

Fill in the blanks in the following slides (Hint: there are 12)

image text in transcribed

1. allow outbound ______ sessions to the Internet

2. allow ______ queries to the Internet

3. allow _______ to the Internet

4. allow replies to pings from the Internet

5. allow FTP session initiation to Internet (note this is port 21 (FTP) only... wed also need port 20 (FTP-data) which is absent in this example)

6. allow ______ session initiation to Internet

7. allow ________________________

7a. allow TCP response traffic to externally initiated TCP traffic (i.e., SMTP, FTP, and DNS)

8. prevent ______________________ from entering

9. allow inbound ______ sessions from Internet

10. allow inbound ______ responses Rule Explanations/Purpose 11. allow _____ response tfcto internally initiated

12. allow _______ replies

13. allow unreachable (host or port) msgs

14. allow notification of filtered tfcmsgs

15. allow notification of TTL=0 and lost fragments

16. allow notification that fragmentation was reqd

17. allow inbound FTP tfcto our FTP server

18. allow inbound mail to go to our SMTP server

19. allow DNS __________________ to our DNS server

20. allow Internet clients to get name resolution fmour DNS server

SMTP access-list 122 permit tcp 64.24.14.1 0.0.0.255 any eq 22 2 access-list 122 permit udp 64.24.14.1 0.0.0.255 any eq domain (3) access-list 122 permit icmp 64.24.14.1 0.0.0.255 any echo 4 access-list 122 permit icmp 64.24.14.1 0.0.0.255 any echo-reply G access-list 122 permit top 64.24.14.1 0.0.0.255 any eq ftp access-list 122 permit tcp 64.24.14.1 0.0.0.255 any eq http access-list 122 permit udp 64.24.14.1 0.0.0.255 any gt 1023 TP 6 DNS Svr Svr Internet 64.24.14.0 AAC Client Workstations Edge Router access-list 121 deny ip 64.24.14.0 0.0.0.255 any access-list 121 permit tcp any any eq 22 access-list 121 permit udp any any gt 1023 (11) access-list 121 permit tcp any any gt 1023 established (12 access-list 121 permit icmp any any echo-reply 13 access-list 121 permit icmp any any unreachable (14) access-list 121 permit icmp any any admin-prohibited access-list 121 permit icmp any any time-exceeded (16 access-list 121 permit icmp any any packet-too-big 17 access-list 121 permit top any host 64.24.14.60 eq ftp (18 access-list 121 permit top any host 64.24.14.61 eq smtp access-list 121 permit top any host 64.24.14.61 eq domain 20 access-list 121 permit udp any host 64.24.14.61 eq domain ip access-group 121 in command issued to outisde router interface ip access-group 122 in command issued to inside router interface SMTP access-list 122 permit tcp 64.24.14.1 0.0.0.255 any eq 22 2 access-list 122 permit udp 64.24.14.1 0.0.0.255 any eq domain (3) access-list 122 permit icmp 64.24.14.1 0.0.0.255 any echo 4 access-list 122 permit icmp 64.24.14.1 0.0.0.255 any echo-reply G access-list 122 permit top 64.24.14.1 0.0.0.255 any eq ftp access-list 122 permit tcp 64.24.14.1 0.0.0.255 any eq http access-list 122 permit udp 64.24.14.1 0.0.0.255 any gt 1023 TP 6 DNS Svr Svr Internet 64.24.14.0 AAC Client Workstations Edge Router access-list 121 deny ip 64.24.14.0 0.0.0.255 any access-list 121 permit tcp any any eq 22 access-list 121 permit udp any any gt 1023 (11) access-list 121 permit tcp any any gt 1023 established (12 access-list 121 permit icmp any any echo-reply 13 access-list 121 permit icmp any any unreachable (14) access-list 121 permit icmp any any admin-prohibited access-list 121 permit icmp any any time-exceeded (16 access-list 121 permit icmp any any packet-too-big 17 access-list 121 permit top any host 64.24.14.60 eq ftp (18 access-list 121 permit top any host 64.24.14.61 eq smtp access-list 121 permit top any host 64.24.14.61 eq domain 20 access-list 121 permit udp any host 64.24.14.61 eq domain ip access-group 121 in command issued to outisde router interface ip access-group 122 in command issued to inside router interface