2.1 and 2.3 address space

Hi,

Was wondering what others did for their address pools on 2.1 and 2.3.

On 2.1, the requirement calls for translation to 162.1.19.128/26 address space. The answer shows a global from 162.1.19.129-162.1.19.191.

Realize this is really splitting hairs, but considering this is a Cisco exam, would they want us including the broadcast address from that range?

On 2.3 we run into a similar situation providing dhcp addresses to an address pool in 192.10.1.64/26. The answer shows the address pool from 192.10.1.64-192.10.1.128. This would obviously step into the next address range on the high end. But would the right answer be to create a pool from 192.10.1.65-192.10.1.126?

Even though these are really subtle, I would like to avoid losing stupid points if running up against something like this in the lab.

What are others' thoughts?

Thanks,

-Mike

Comments

  • Hi Mike - I know exactly what you are talking about. I don't want to lose stupid points either. Below is what I have come up with for 2.1 and 2.3.

    nat (inside) 1 192.10.1.0 255.255.255.0
    global (outside) 1 162.1.19.9

    nat (inside) 2 access-list DENY_NAT
    global (outside) 2 162.1.19.129-162.1.19.190 netmask 255.255.255.192

    access-list DENY_NAT deny ip 192.10.1.0 255.255.255.0 any
    access-list DENY_NAT permit ip any any


    dhcpd enable inside
    dhcpd dns 192.10.1.200 192.10.1.201
    dhcpd domain junk.com
    dhcpd address 192.10.1.65-192.10.1.126 inside
    dhcpd ping_timeout 1000
  • Hi,

    I think that the ip range goes from 162.1.19.128 to 162.1.19.191, because the 162.1.19.191 and .128 are valid ip addresses in the network 162.1.19.0/24.

    So I think that the pool 192.10.1.64/26 goes from 192.10.1.64 to 192.10.1.127.

    Kind regards
  •  Originally Posted By: pigazo
    Hi,

    I think that the ip range goes from 162.1.19.128 to 162.1.19.191, because the 162.1.19.191 and .128 are valid ip addresses in the network 162.1.19.0/24.

    So I think that the pool 192.10.1.64/26 goes from 192.10.1.64 to 192.10.1.127.

    Kind regards

    Hi, this is exactly what I think, too. Also, when I configure pools for e.g. RA-VPN-IP-Allocation, I also tend to use the full range and not exclude the "network" and "broadcast" addresses, simply because in such a setup those don't exist. Routing is based on full networks, so that's not a problem.

    greez,
    airflow
  • Generic feedback.
    I'm using an ASA5505 for this particular device in this lab.
    When I enter "dhcpd address 192.10.1.65-192.10.1.126 inside" it gives an error saying it only accepts 32 addresses for this command. I'm sure this has something to do with the model/license. When I entered the same command on a pix515e UR, it took it fine.

    ctanner,
    Your nat (inside) 2 statement doesn't need the ACL; just like the solution, 0 0 , is fine. The NAT statements are processed in order and the things you denied with your ACL are already covered in the nat 1 statement. Your configuration works there, probably just more work than is required.
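Added example, not part of any post in this thread: a Python check that audits a `first-last` pool against the subnet a task names, reporting whether it leaves the subnet, touches the network or broadcast address, or exceeds a size limit. The function name and finding labels are hypothetical, and the limit of 32 is taken only from the ASA5505 error reported in the last comment.

```python
import ipaddress


def audit_pool(pool, cidr, max_size=None):
    """Audit a 'first-last' NAT/DHCP pool against the subnet it must sit in."""
    net = ipaddress.ip_network(cidr, strict=True)
    first, last = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
    if last < first:
        raise ValueError(f"pool {pool!r} ends before it starts")

    size = int(last) - int(first) + 1
    # Addresses shared between the pool and the subnet (0 if disjoint).
    lo = max(first, net.network_address)
    hi = min(last, net.broadcast_address)
    overlap = max(0, int(hi) - int(lo) + 1)

    findings = []
    if size > overlap:
        findings.append("outside-subnet")
    if first <= net.network_address <= last:
        findings.append("includes-network-address")
    if first <= net.broadcast_address <= last:
        findings.append("includes-broadcast-address")
    if max_size is not None and size > max_size:
        findings.append("exceeds-size-limit")
    return {"size": size, "outside": size - overlap, "findings": findings}


if __name__ == "__main__":
    # Pools quoted in the thread, paired with the subnet each task names.
    cases = [
        ("162.1.19.129-162.1.19.191", "162.1.19.128/26", None),
        ("162.1.19.129-162.1.19.190", "162.1.19.128/26", None),
        ("192.10.1.64-192.10.1.128", "192.10.1.64/26", None),
        ("192.10.1.65-192.10.1.126", "192.10.1.64/26", None),
        # Limit of 32 as reported for the ASA5505 in the last comment.
        ("192.10.1.65-192.10.1.126", "192.10.1.64/26", 32),
    ]
    for pool, cidr, limit in cases:
        print(pool, cidr, audit_pool(pool, cidr, limit))
```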