Refer to the exhibit. What type of traffic will the policy be applied to when the router is configured with the class-map and policy-map shown?
class-map type inspect match-all INTERNAL-WEB match protocol https match access-group 101 ! policy-map type inspect SEC-INT-WEB class type inspect INTERNAL-WEB inspect ! access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 192.168.100.10
- all traffic that is using either the HTTP protocol or is sourced from the internal LAN IP address range
- all traffic from the internal LAN IP address range to the secure server using any TCP protocol
- only HTTPS traffic sourced from any internal or external source address destined for the secure server
- only HTTPS traffic sourced from the internal LAN IP address range destined for the secure server
| Explanation & Hint:
When the class-map is configured with the match-all criteria, all packets must meet all of the criteria to be considered to be a member of the class. In this example, there are two criteria that must be matched: the HTTPS protocol and the permitted traffic defined by the access list 101. Only packets meeting both conditions will be inspected and passed. |