On task 3.1, lab5. Why there is no access list entry to permit OSPF?
No OSPF neighbor on R4 e0/0.
Why outbound ACL dont have permit ip any any in the end ?
Should it be
ip access-list extended TO_OUTSIDE
permit tcp any any reflect MIRROR
permit udp any any reflect MIRROR
permit ip any any
Of course there is no need to do this to complete this task. But i dont see why we have to deny at the end because the task not ask for it/
I suppose you would need the "permit ip any any" is you want to be able to ping from the inside. But the task does say deny all other traffic.
The inbound filter also needs icmp echo-reply and telnet reply to comply with question 2.6 (permit R4 to telnet and ping to BB3 and beyond)
NAT must be enabled on E0/1 and E0/0
Extended IP access list fw-in 10 evaluate eval 20 permit tcp any host 126.96.36.199 neq smtp 30 permit tcp any eq bgp any 40 permit tcp any any eq bgp 50 permit icmp any any echo-reply 60 permit tcp any eq telnet any (51 matches) 1000 deny ip any any log
Extended IP access list fw-out 10 permit tcp any any reflect eval 20 permit udp any any reflect eval
interface Ethernet0/0 ip address 188.8.131.52 255.255.255.0 ip access-group fw-in in ip access-group fw-out out no ip unreachables ip nat outside half-duplex no cdp enableend
interface Ethernet0/1 ip address 10.4.4.4 255.255.255.0 ip nat inside