Thursday, April 20, 2006
Non-mirror IPSec ACLs. (Question #57)
Consider this variation on the problem posed in question #56 in the last post. Assume that the ACLs defined in the two routers are changed to the following instead:
Router1
access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
Router2
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Note that the two ACLs are now no longer perfect mirror images of each other.
Which of the following ping attempts (if any) will succeed?
1. ping 192.168.1.254 source 10.1.1.254 from Router1
2. ping 10.1.1.254 source 192.168.1.254 from Router2
Comments:
One probably simple question but not for me (for some reason I could not find it in google):
How to set up IOS to be able to connect with an IPsec\L2TP tunnel from, for example, Windows XP?
It is recommended by Cisco to always use mirrored access lists.
However, in this case the access-list that is a subset of the other will work:
2. ping 10.1.1.254 source 192.168.1.254 from Router2
-------------------
To answer Marek's question...shouldn't he investigate vpdn?
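
An added example, not part of the original post or its comments: a small Python model of the subset rule the comment above describes, run against the two ACLs from the question. It assumes the responder accepts a phase-2 proposal only when the initiator's proposed proxy identities fall inside the mirror of the responder's own crypto ACL; the function names are hypothetical and only single `permit ip` lines with contiguous wildcard masks are handled.

```python
import ipaddress

# ACL lines exactly as given in the question.
ROUTER1_ACL = "access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255"
ROUTER2_ACL = "access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255"

def wildcard_net(addr, wildcard):
    """Convert an IOS address plus contiguous wildcard mask into a network."""
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}")

def parse_crypto_acl(line):
    """Return (local_net, remote_net) from one 'permit ip' ACL line."""
    tok = line.split()
    if tok[2:4] != ["permit", "ip"]:
        raise ValueError("only 'permit ip <src> <wc> <dst> <wc>' is modelled")
    return wildcard_net(tok[4], tok[5]), wildcard_net(tok[6], tok[7])

def tunnel_attempt(initiator_acl, responder_acl, src, dst):
    """Model one ping that makes the initiator start phase-2 negotiation."""
    i_local, i_remote = parse_crypto_acl(initiator_acl)
    r_local, r_remote = parse_crypto_acl(responder_acl)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # The packet must match the initiator's own crypto ACL to trigger IPsec.
    if src not in i_local or dst not in i_remote:
        return "no-match"
    # Assumed rule: the initiator proposes its ACL entry as proxy identities,
    # and the responder accepts only if that proposal lies within the mirror
    # image of its own entry (equal or narrower on both sides).
    if i_local.subnet_of(r_remote) and i_remote.subnet_of(r_local):
        return "accepted"
    return "rejected"

def both_pings():
    """Evaluate the two ping attempts listed in the question."""
    return {
        "1: Router1 initiates": tunnel_attempt(
            ROUTER1_ACL, ROUTER2_ACL, "10.1.1.254", "192.168.1.254"),
        "2: Router2 initiates": tunnel_attempt(
            ROUTER2_ACL, ROUTER1_ACL, "192.168.1.254", "10.1.1.254"),
    }

if __name__ == "__main__":
    for name, result in both_pings().items():
        print(name, "->", result)
```
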