Which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with morethan three extension headers?

– by 0

policy-map type inspect ipv6 IPv6-map
match header routing-type range 0 255
drop
class-map outside-clas
smatch any
policy-map outside-policy
class outside-class
inspect ipv6 IPv6-map
service-policy outside-policy interface outside
Refer to the exhibit.

350-018-ccie-security-written-exam-v4-0_img_027

Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with morethan three extension headers?
A. policy-map type inspect ipv6 IPv6-map
match ipv6 header
count > 3
B. policy-map outside-policy
class outside-class
inspect ipv6 header count gt 3
C. class-map outside-class
match ipv6 header count greater 3
D. policy-map type inspect ipv6 IPv6-map
match header count gt 3
drop

cisco-exams

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.