Kings I have not had chance to review yusuf's labs but remember that sysopt connection permit-vpn is applied by default so may not show up in the solution config. You would need to do a sh run all for it to be present in your output.
Stu On Wed, Feb 10, 2010 at 6:01 PM, Kingsley Charles < [email protected]> wrote: > Hi all > > In the Yusuf's CCIE practice lab 1 - 3.2 Lan to Lan IPSec between ASA and > R5, the ASA doesn't have the following in the solution that is provided: > > sysopt connection permit-vpn > nat (inside) 0 access-list 101 for not translating IPSec traffic > > > Without these both commands, IPSec traffic will not pass end to end, right? > > Any thoughts? > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Regards, Stuart Hare CCIE #25616 (Security), CCSP, Microsoft MCP Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
