4.5 If we go along with the task question not solution.

Refer to http://forum.internetworkexpert.com/ubbthreads.php/ubb/showflat/Number/16787/page/2#Post16787

 

I think . They should use VLAN 44 not VLAN4. If we refer to the solution

 

But the more interesting is if the task ask use VLAN4.  So we need to modify access-list of nat as requirement in 3.3.

 

Quite fun ^-^

 

Marut

Comments

  • I think you have two options. 

    i personally added a bypass nat for traffic going from 132.1.4.0/24 going to 10.0.0.12

    on R4

    ip access-list extended nat
     deny   ip any host 10.0.0.12
     permit ip 132.1.4.0 0.0.0.255 any

    ip access-list extended vpn-asa1
     permit ip 132.1.4.0 0.0.0.255 host 10.0.0.12

    crypto map vpn 20 ipsec-isakmp
     set peer 10.0.0.12
     set transform-set 3des-sha
     match address vpn-asa1

    The alternative solution would be to use 132.1.255.0/24 in your crypto access-lists

Sign In or Register to comment.