The configuration of R5 advertises the 10.1.1.0 network. The command network 10.0.0.0 brings both the 10.1.1.0 and 10.2.2.0 interfaces into RIP. Then, passive interface default say listen, but don't send on all interfaces. Next passive interface is removed from the interface to the Asa so r5 will send routes to the Asa. You also need the no auto command so it sends individual subnets. I'd verify R5 if you aren't seeing the route to 10.1.1.0 on the ASA.
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On May 9, 2010, at 7:06 AM, "Johan Bornman" <[email protected]> wrote: > Yes, RIP. The routes are not coming through for the 10.1.1.XX network. The sh > command and config is per the solutions guide. > > > > How will the passive-interface default on R5 affect the route updates for > that network? > > > > From: Brandon Carroll [mailto:[email protected]] > Sent: 09 May 2010 04:00 PM > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 > > > > You are running a routing protocol on the inside. Task 1.2 is where this is > accomplished. > > > > Regards, > > > > Brandon Carroll - CCIE #23837 > > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > > Telephone: +1.810.326.1444 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > > Platinum Solutions Group (PSG) provides high-end consulting services with a > primary emphasis on Cisco's Data Center Solutions, Service Provider > Solutions, Unified Communications and Security-enabled infrastructures. Be > sure to visit www.platinumsolutionsgroup.com. > > > > > > > On May 9, 2010, at 3:55 PM, Johan Bornman wrote: > > > > > Yes, it’s vol 1. > > > > The statics point outside, the ACS is on the inside, 1 hop away. > > > > From: Brandon Carroll [mailto:[email protected]] > Sent: 09 May 2010 02:56 PM > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 > > > > Is this Volume 1? If so, Task 1.5 has the static default routes with route > tracking that is configured on the ASA. > > > > Regards, > > > > Brandon Carroll - CCIE #23837 > > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > > Telephone: +1.810.326.1444 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > > Platinum Solutions Group (PSG) provides high-end consulting services with a > primary emphasis on Cisco's Data Center Solutions, Service Provider > Solutions, Unified Communications and Security-enabled infrastructures. Be > sure to visit www.platinumsolutionsgroup.com. > > > > > > > > On May 9, 2010, at 12:46 PM, Johan Bornman wrote: > > > > > > Hi, > > > > I cannot ping the ACS at 10.1.1.100. If I add a default route, the ping is > good. Looking at the solutions guide the default route is not present so I > must assume is not permitted. How is the route for the ACS server to be added > to the routing table on the ASA? > > > > Johan > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
