Hi all,


On task 3.1, lab 5: why is there no access list entry to permit OSPF?




  • No OSPF neighbor on R4 e0/0.

  • Why doesn't the outbound ACL have permit ip any any at the end?


    Should it be

    ip access-list extended TO_OUTSIDE
     permit tcp any any reflect MIRROR
     permit udp any any reflect MIRROR
     permit ip any any


    Of course there is no need to do this to complete this task. But I don't see why we have to deny at the end, because the task does not ask for it.

  • I suppose you would need the "permit ip any any" if you want to be able to ping from the inside. But the task does say deny all other traffic.

  • The inbound filter also needs icmp echo-reply and telnet reply to comply with question 2.6 (permit R4 to telnet and ping to BB3 and beyond)

    NAT must be enabled on E0/1 and E0/0

    Extended IP access list fw-in
        10 evaluate eval
        20 permit tcp any host neq smtp
        30 permit tcp any eq bgp any
        40 permit tcp any any eq bgp
        50 permit icmp any any echo-reply
        60 permit tcp any eq telnet any (51 matches)
        1000 deny ip any any log

    Extended IP access list fw-out
        10 permit tcp any any reflect eval
        20 permit udp any any reflect eval


    interface Ethernet0/0
     ip address
     ip access-group fw-in in
     ip access-group fw-out out
     no ip unreachables
     ip nat outside
     no cdp enable


    interface Ethernet0/1
     ip address
     ip nat inside
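
A small model of the fw-out / fw-in pair posted above, as an added example that is not part of the thread: it shows which return traffic the reflected `eval` entries admit and which traffic falls through to the static lines or the final deny. It assumes transit packets only and leaves out NAT, entry timeouts and fw-in line 20 (its host address is missing on the page); the class names and addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp" or "ospf"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""

class ReflexivePair:
    def __init__(self):
        self.eval_entries = set()   # temporary entries of reflexive list "eval"

    def outbound(self, p):
        # fw-out: permit tcp|udp any any reflect eval (mirror entry), then implicit deny
        if p.proto in ("tcp", "udp"):
            self.eval_entries.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "permit, reflected"
        return "implicit deny"

    def inbound(self, p):
        # fw-in in sequence order; line 20 is left out (host address elided on the page)
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.eval_entries:
            return "10 evaluate eval"
        if p.proto == "tcp" and p.sport == 179:
            return "30 permit tcp any eq bgp any"
        if p.proto == "tcp" and p.dport == 179:
            return "40 permit tcp any any eq bgp"
        if p.proto == "icmp" and p.icmp_type == "echo-reply":
            return "50 permit icmp any any echo-reply"
        if p.proto == "tcp" and p.sport == 23:
            return "60 permit tcp any eq telnet any"
        return "1000 deny ip any any log"

def demo():
    fw = ReflexivePair()
    inside, outside = "192.0.2.10", "198.51.100.7"   # constructed addresses
    return {
        "tcp_out": fw.outbound(Packet("tcp", inside, outside, 40000, 80)),
        "tcp_reply": fw.inbound(Packet("tcp", outside, inside, 80, 40000)),
        "tcp_unsolicited": fw.inbound(Packet("tcp", outside, inside, 51000, 445)),
        "ping_out": fw.outbound(Packet("icmp", inside, outside, icmp_type="echo")),
        "echo_reply_in": fw.inbound(Packet("icmp", outside, inside, icmp_type="echo-reply")),
        "ospf_in": fw.inbound(Packet("ospf", outside, "224.0.0.5")),
    }

if __name__ == "__main__":
    print("\n".join(f"{k:16} {v}" for k, v in demo().items()))
```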

