Johan,
The question states "Exclude the PAT'ed devices behind R2." What is the PAT address for the devices behind R2? As this exercise is to complete a task and there is no requirement for testing I wouldn't worry about the functionality of the task. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Johan Bornman [mailto:[email protected]] Sent: Friday, June 11, 2010 2:15 PM To: 'Tyson Scott'; [email protected] Subject: RE: [OSL | CCIE_Security] Lab 2a, Task 2.3 (TCP Intercept) Tyson, I still don't understand why R2 is denied in the acl. I also have another question. In the doc below the "Note" states that TCP Intercept cannot be configured on a device where NAT is configured. R5 where TCP intercept is configured has NAT configured from Task 2.2. http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_c fg_tcp_intercpt.html#wp1001032 Thanks Johan From: Tyson Scott [mailto:[email protected]] Sent: 09 June 2010 08:19 PM To: 'Johan Bornman'; [email protected] Subject: RE: [OSL | CCIE_Security] Lab 2a, Task 2.3 (TCP Intercept) Isn't everything NAT'ed to R2's outside address that the task asks to intercept for? I haven't looked but I am pretty sure that is what is happening in the lab. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Johan Bornman Sent: Wednesday, June 09, 2010 11:25 AM To: [email protected] Subject: [OSL | CCIE_Security] Lab 2a, Task 2.3 (TCP Intercept) Hi, Please explain the WEB_SERVER acl. I understand why I need it for tcp intercept but why R2? ip access-list extended WEB_SERVER deny tcp host 9.9.156.2 host 10.0.45.4 permit tcp any host 10.0.45.4 Thanks Johan
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
