So what does the routing table on R5 and the ASA look like? Regards,
Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com Platinum Solutions Group (PSG) provides high-end consulting services with a primary emphasis on Cisco's Data Center Solutions, Service Provider Solutions, Unified Communications and Security-enabled infrastructures. Be sure to visit www.platinumsolutionsgroup.com. On May 9, 2010, at 4:31 PM, Johan Bornman wrote: > Brandon, > > I was able to copy the config, my old sessions were still open, although > disconnected: > > R5 > router rip > passive-interface default > no passive-interface FastEthernet0/1.2 > network 10.0.0.0 > no auto-summary > > ASA > router rip > network 10.0.0.0 > passive-interface default > no passive-interface Inside > default-information originate > version 2 > no auto-summary > > > I did not include the authentication config as the 2 devices were talking RIP. > > Thanks > > Johan > > From: Johan Bornman [mailto:[email protected]] > Sent: 09 May 2010 04:27 PM > To: 'Brandon Carroll' > Cc: '<[email protected]>' > Subject: RE: [OSL | CCIE_Security] Lab 1 Task 1.9 > > Thanks. > > Will have to lab it up again. I checked the config and compared with the dsg > a few times but I may have missed something. > > From: Brandon Carroll [mailto:[email protected]] > Sent: 09 May 2010 04:14 PM > To: Johan Bornman > Cc: <[email protected]> > Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 > > The configuration of R5 advertises the 10.1.1.0 network. The command network > 10.0.0.0 brings both the 10.1.1.0 and 10.2.2.0 interfaces into RIP. Then, > passive interface default say listen, but don't send on all interfaces. Next > passive interface is removed from the interface to the Asa so r5 will send > routes to the Asa. You also need the no auto command so it sends individual > subnets. I'd verify R5 if you aren't seeing the route to 10.1.1.0 on the ASA. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities atwww.ipexpert.com/communities and our > public website at www.ipexpert.com > > On May 9, 2010, at 7:06 AM, "Johan Bornman" <[email protected]> wrote: > > Yes, RIP. The routes are not coming through for the 10.1.1.XX network. The sh > command and config is per the solutions guide. > > How will the passive-interface default on R5 affect the route updates for > that network? > > From: Brandon Carroll [mailto:[email protected]] > Sent: 09 May 2010 04:00 PM > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 > > You are running a routing protocol on the inside. Task 1.2 is where this is > accomplished. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website atwww.ipexpert.com > > Platinum Solutions Group (PSG) provides high-end consulting services with a > primary emphasis on Cisco's Data Center Solutions, Service Provider > Solutions, Unified Communications and Security-enabled infrastructures. Be > sure to visit www.platinumsolutionsgroup.com. > > > > > On May 9, 2010, at 3:55 PM, Johan Bornman wrote: > > > > Yes, it’s vol 1. > > The statics point outside, the ACS is on the inside, 1 hop away. > > From: Brandon Carroll [mailto:[email protected]] > Sent: 09 May 2010 02:56 PM > To: Johan Bornman > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 > > Is this Volume 1? If so, Task 1.5 has the static default routes with route > tracking that is configured on the ASA. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > Platinum Solutions Group (PSG) provides high-end consulting services with a > primary emphasis on Cisco's Data Center Solutions, Service Provider > Solutions, Unified Communications and Security-enabled infrastructures. Be > sure to visit www.platinumsolutionsgroup.com. > > > > > > On May 9, 2010, at 12:46 PM, Johan Bornman wrote: > > > > > Hi, > > I cannot ping the ACS at 10.1.1.100. If I add a default route, the ping is > good. Looking at the solutions guide the default route is not present so I > must assume is not permitted. How is the route for the ACS server to be added > to the routing table on the ASA? > > Johan > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
