Yes, you need the sysopt command, or else you need an ACL on the interface to permit the traffic. The 2nd command is only needed if you have nat control enabled on the ASA.

--- On Thu, 2/11/10, Kingsley Charles <[email protected]> wrote:
From: Kingsley Charles <[email protected]>
Subject: [OSL | CCIE_Security] Yusuf CCIE practice lab 1, 3.2 Lan to Lan IPSec
To: [email protected]
Date: Thursday, February 11, 2010, 5:01 AM

Hi all

In Yusuf's CCIE practice lab 1 - 3.2 Lan to Lan IPSec between ASA and R5, the ASA doesn't have the following in the solution that is provided:

sysopt connection permit-vpn
nat (inside) 0 access-list 101 for not translating IPSec traffic

Without both of these commands, IPSec traffic will not pass end to end, right?

Any thoughts?

With regards
Kings

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
