4.5 If we go along with the task question not solution.

Refer to http://forum.internetworkexpert.com/ubbthreads.php/ubb/showflat/Number/16787/page/2#Post16787


I think . They should use VLAN 44 not VLAN4. If we refer to the solution


But the more interesting is if the task ask use VLAN4.  So we need to modify access-list of nat as requirement in 3.3.


Quite fun ^-^




  • I think you have two options. 

    i personally added a bypass nat for traffic going from going to

    on R4

    ip access-list extended nat
     deny   ip any host
     permit ip any

    ip access-list extended vpn-asa1
     permit ip host

    crypto map vpn 20 ipsec-isakmp
     set peer
     set transform-set 3des-sha
     match address vpn-asa1

    The alternative solution would be to use in your crypto access-lists

Sign In or Register to comment.