Thursday, April 20, 2006


Non-mirror IPSec ACLs. (Question #57)

Consider this variation on the problem posed in question #56 in the last post. Assume that the ACLs defined in the two routers are changed to the following instead:


access-list 101 permit ip


access-list 101 permit ip

Note that the two ACLs are now no longer perfect mirror images of each other.

Which of the following ping attempts (if any) will succeed?

1. ping source from Router1
2. ping source from Router2
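
An added example, not part of the original post: a Python check that classifies the crypto ACL entry on one peer against the mirror image of the entry on the other (mirror, subset, partial overlap, or disjoint). The addresses are constructed, because the post's own ACL lines are truncated; only `permit ip <addr> <wildcard> <addr> <wildcard>` entries with contiguous wildcards are handled, and the output says nothing about which ping succeeds.

```python
import ipaddress
import re

# Constructed sample entries; the addresses are illustrative, not from the post.
R1_ACL = "access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255"
R2_MIRROR = "access-list 101 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255"
R2_SUBSET = "access-list 101 permit ip 10.2.1.0 0.0.0.255 10.1.0.0 0.0.255.255"
R2_OTHER = "access-list 101 permit ip 192.168.5.0 0.0.0.255 10.1.0.0 0.0.255.255"

ENTRY = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def to_network(addr, wildcard):
    """Convert an address plus contiguous wildcard mask to an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards have the form 2**k - 1
        raise ValueError(f"discontiguous wildcard not supported: {wildcard}")
    prefix = 32 - wc.bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_entry(line):
    """Return (source, destination) networks of one crypto ACL entry."""
    m = ENTRY.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, src_wc, dst, dst_wc = m.groups()
    return to_network(src, src_wc), to_network(dst, dst_wc)

def compare(local_line, remote_line):
    """Classify the peer's entry against the mirror image of the local entry."""
    l_src, l_dst = parse_entry(local_line)
    r_src, r_dst = parse_entry(remote_line)
    # A perfect mirror swaps source and destination exactly.
    if (r_src, r_dst) == (l_dst, l_src):
        return "mirror"
    if r_src.subnet_of(l_dst) and r_dst.subnet_of(l_src):
        return "remote-subset"   # peer's entry is narrower than the local mirror
    if l_dst.subnet_of(r_src) and l_src.subnet_of(r_dst):
        return "local-subset"    # local entry is narrower than the peer's mirror
    if r_src.overlaps(l_dst) and r_dst.overlaps(l_src):
        return "partial-overlap"
    return "disjoint"

if __name__ == "__main__":
    for name, peer in [("mirror", R2_MIRROR), ("subset", R2_SUBSET), ("other", R2_OTHER)]:
        print(name, "->", compare(R1_ACL, peer))
```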

One probably simple question, but not for me (for some reason I could not find it in Google):
How do I set up IOS to be able to connect with an IPsec\L2TP tunnel from, for example, Windows XP?
It is recommended by Cisco to always use mirrored access lists.

However, in this case the access-list that is a subset of the other will work

2. ping source from Router2

To answer Marek's question...shouldn't he investigate vpdn?
