I did the verification as per the solutions guide for R5. The result was exactly the same as in the guide.
The ASA showed only directly connected routes and the 2 sla static routes. I had nothing to compare with as the verification does not check the ASA. My lab is over so I can't paste the result. From: Brandon Carroll [mailto:[email protected]] Sent: 09 May 2010 06:13 PM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 So what does the routing table on R5 and the ASA look like? Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com Platinum Solutions Group (PSG) provides high-end consulting services with a primary emphasis on Cisco's Data Center Solutions, Service Provider Solutions, Unified Communications and Security-enabled infrastructures. Be sure to visit www.platinumsolutionsgroup.com <http://www.platinumsolutionsgroup.com/> . On May 9, 2010, at 4:31 PM, Johan Bornman wrote: Brandon, I was able to copy the config, my old sessions were still open, although disconnected: R5 router rip passive-interface default no passive-interface FastEthernet0/1.2 network 10.0.0.0 no auto-summary ASA router rip network 10.0.0.0 passive-interface default no passive-interface Inside default-information originate version 2 no auto-summary I did not include the authentication config as the 2 devices were talking RIP. Thanks Johan From: Johan Bornman [mailto:[email protected]] Sent: 09 May 2010 04:27 PM To: 'Brandon Carroll' Cc: '<[email protected]>' Subject: RE: [OSL | CCIE_Security] Lab 1 Task 1.9 Thanks. Will have to lab it up again. I checked the config and compared with the dsg a few times but I may have missed something. From: Brandon Carroll [mailto:[email protected]] Sent: 09 May 2010 04:14 PM To: Johan Bornman Cc: <[email protected]> Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 The configuration of R5 advertises the 10.1.1.0 network. The command network 10.0.0.0 brings both the 10.1.1.0 and 10.2.2.0 interfaces into RIP. Then, passive interface default say listen, but don't send on all interfaces. Next passive interface is removed from the interface to the Asa so r5 will send routes to the Asa. You also need the no auto command so it sends individual subnets. I'd verify R5 if you aren't seeing the route to 10.1.1.0 on the ASA. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities atwww.ipexpert.com/communities and our public website at www.ipexpert.com On May 9, 2010, at 7:06 AM, "Johan Bornman" <[email protected]> wrote: Yes, RIP. The routes are not coming through for the 10.1.1.XX network. The sh command and config is per the solutions guide. How will the passive-interface default on R5 affect the route updates for that network? From: Brandon Carroll [mailto:[email protected]] Sent: 09 May 2010 04:00 PM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 You are running a routing protocol on the inside. Task 1.2 is where this is accomplished. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website atwww.ipexpert.com Platinum Solutions Group (PSG) provides high-end consulting services with a primary emphasis on Cisco's Data Center Solutions, Service Provider Solutions, Unified Communications and Security-enabled infrastructures. Be sure to visit www.platinumsolutionsgroup.com. On May 9, 2010, at 3:55 PM, Johan Bornman wrote: Yes, it's vol 1. The statics point outside, the ACS is on the inside, 1 hop away. From: Brandon Carroll [mailto:[email protected]] Sent: 09 May 2010 02:56 PM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1 Task 1.9 Is this Volume 1? If so, Task 1.5 has the static default routes with route tracking that is configured on the ASA. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com Platinum Solutions Group (PSG) provides high-end consulting services with a primary emphasis on Cisco's Data Center Solutions, Service Provider Solutions, Unified Communications and Security-enabled infrastructures. Be sure to visit www.platinumsolutionsgroup.com. On May 9, 2010, at 12:46 PM, Johan Bornman wrote: Hi, I cannot ping the ACS at 10.1.1.100. If I add a default route, the ping is good. Looking at the solutions guide the default route is not present so I must assume is not permitted. How is the route for the ACS server to be added to the routing table on the ASA? Johan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
