What does the ASA show for the icmp responses, does it show anything in the log?
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Johan Bornman [mailto:[email protected]] Sent: Friday, May 28, 2010 1:06 PM To: 'Tyson Scott'; [email protected] Subject: RE: [OSL | CCIE_Security] Lab 1A, Q 1.7 Tyson, Here it is: ASA access-list NONAT extended permit ip host 10.7.7.7 host 4.4.4.4 access-list NONAT extended permit ip host 10.7.7.7 host 2.2.2.2 nat (DMZ7) 0 access-list NONAT R2 ip route 4.4.4.4 255.255.255.255 192.1.24.4 ip route 10.7.7.7 255.255.255.255 192.1.24.10 R4 ip route 2.2.2.2 255.255.255.255 192.1.24.2 ip route 10.7.7.7 255.255.255.255 192.1.24.10 Hope this all you need, if not let me know. From: Tyson Scott [mailto:[email protected]] Sent: 28 May 2010 06:58 PM To: 'Johan Bornman'; [email protected] Subject: RE: [OSL | CCIE_Security] Lab 1A, Q 1.7 Can I see your configuration for this. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Johan Bornman Sent: Friday, May 28, 2010 12:21 PM To: [email protected] Subject: [OSL | CCIE_Security] Lab 1A, Q 1.7 Hi, Have a problem with the last task in this question. Pings from 10.7.7.7 (R7) to R4 fails but the debug on R4 gives the correct result, as per the DSG: R4(config)# May 28 16:12:29.823: ICMP: echo reply sent, src 4.4.4.4, dst 10.7.7.7 R4(config)# May 28 16:12:31.819: ICMP: echo reply sent, src 4.4.4.4, dst 10.7.7.7 R4(config)# May 28 16:12:33.819: ICMP: echo reply sent, src 4.4.4.4, dst 10.7.7.7 R4(config)# May 28 16:12:35.819: ICMP: echo reply sent, src 4.4.4.4, dst 10.7.7.7 R4(config)# May 28 16:12:37.819: ICMP: echo reply sent, src 4.4.4.4, dst 10.7.7.7 I checked the nat excemption and NAT configs a few times, what am I missing? Thanks Johan
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
