Task 2.3 Management Routing
===========
--Allow SSH only to R7 but do change protocol on VTY.

I added an access-class and applied it to the VTY, which the solution did, but they have also added the control plane mgmt interface command and restricted it to one interface. That was not explicitly asked, but should we just assume that since access is supposed to be allowed from ACS only allow the interface closest to the ACS to run SSH even though the access class would block that?

Task 4.1 Site 2 Site between R4 and R9
===========
--Use the most secure main mode mesg 3 and 4.

The solution used 5, but if the version of IOS supports larger keys should we go for that?

Allows you to add one static route, and I added a static on ASA to redirect Vlan 4 to R9 instead of going thru outside via OSPF. The solution has added one static route and then went about changing the admin distance and allow IN-IN on R7 etc. Would we need to do this? I did not, as after I changed the NAT (nonat on DMZ did not work, had to use static identity NAT) and added a static route for Vlan 4 thru R9 the tunnel came up.

Task 4.2 - HA IPsec
=============
--Shouldn't HSRP run on both the fa0/0 and 0/1 interfaces to detect a failover?
--Shouldn't the keepalive be periodic and not on demand?

Task 7.1 Source Based RTBH
========================
--If it is source based aren't we supposed to use loose uRPF on the edge routers R1 and R6?

Let me know.
