Which two options show the required Cisco ASA command(s…

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client
negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port
within the specified UDP port range.

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client
negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port
within the specified UDP port range.

A.
access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside

B.
access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0
255.255.0.0 eq established access-group INSIDE in interface inside

C.
access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0
10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside

D.
access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0
10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside

E.
established tcp 2001 permit udp 5000-5500

F.
established tcp 2001 permit from udp 5000-5500

G.
established tcp 2001 permit to udp 5000-5500

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp176466 Established command–This command allows return connections
from a lower security host to a higher security host if there is already an established connection from the higher level host to the lower level host.
For same security interfaces, you can configure established commands for both directions.



Leave a Reply 0

Your email address will not be published. Required fields are marked *