Isn't everything NAT'ed to R2's outside address that the task asks to intercept for? I haven't looked but I am pretty sure that is what is happening in the lab.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Johan Bornman Sent: Wednesday, June 09, 2010 11:25 AM To: [email protected] Subject: [OSL | CCIE_Security] Lab 2a, Task 2.3 (TCP Intercept) Hi, Please explain the WEB_SERVER acl. I understand why I need it for tcp intercept but why R2? ip access-list extended WEB_SERVER deny tcp host 9.9.156.2 host 10.0.45.4 permit tcp any host 10.0.45.4 Thanks Johan
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
