Home > Ticket 5 – R1 ACL

Ticket 5 – R1 ACL

March 26th, 2015 in TSHOOT v2 Go to comments

Configuration on R1

interface Serial0/0/1
 description Link to ISP
 ip address 209.65.200.225 255.255.255.252
 ip nat outside
 ip access-group edge_security in
!

ip access-list extended edge_security
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny 127.0.0.0 0.255.255.255 any
 permit ip host 209.65.200.241 any
!

Answer: add permit ip 209.65.200.224 0.0.0.3 any command to R1’s ACL

Ans1) R1
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip 209.65.200.224 0.0.0.3 any command

Note:
+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host 209.65.200.241 is permitted to go through the access-list (permit ip host 209.65.200.241 any) but clients cannot ping the web server because R1 cannot establish BGP session with neighbor 209.65.200.226.

Comments (14) Comments
Comment pages
1 5 6 7 26
  1. CCNP-Renew
    May 5th, 2017

    Testing Tshoot in 2 days. Just became a premium member but I am disappointed with the new format. I used Network Tut a couple of years ago when they used the low tech “Read More” link to display full answers was way more user friendly.
    This new simulations are a great idea but not really good for a quick study reference.
    If anyone has updated dumps please send to matt.ryder22 at outlook dot com
    Thank you and good luck.

  2. david
    May 23rd, 2017

    I just passed today. Got 1000/1000. Stick only to networktut.com. All the questions in feb. 2017.pdf from tut came out. Pls practice nothing but tut. All still valid

  3. maha
    June 8th, 2017

    @ david
    Pleease send to my feb.2017.pdf in my email ( {email not allowed})

  4. Andrea
    June 9th, 2017

    Are there updated ccnp Tshoot?? I will the examen next Friday

  5. Slillz
    June 29th, 2017

    I’m confused here. How will this work when OSPF is not redistributing BGP into OSFP?

  6. Kelle
    July 12th, 2017

    Estou muito feliz com meus resultados ate’ momento! http://www.mgbargen.ch/yellabook/guestbook.php

  7. Saleh
    July 12th, 2017

    @ david

    Please send feb.2017 pdf on salehalkaseri@yahoo dot com

  8. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  9. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  10. Brozzo
    September 13th, 2017

    Hello, I have noted that in some of the tickets the device and error is supposed to be “abc” and “123”, however, you will observe the same erroneous config as identified in some other ticket.
    My assumption is that any particular ticket should have only one erroneous config and everything else correct, is this the correct position?

  11. Kyi Lwin
    September 19th, 2017

    Plz send me lastest dump file into my email kyilwin @ ayabank.com

  12. FureC
    October 19th, 2017

    Hi, i dont see any questions in this tickets (5,11,13) thats the way the problems shows up at the exam ???

  13. Life
    October 19th, 2017

    Dear,

    Same puting under the ip access-list extended edge_security’ configuration add the permit ip 209.65.200.224.0.0.0.3 any’ command the client 1 cannot ping the 209.65.200.241 because other ACLS. So this answer aren’t correct.

  14. Life
    October 19th, 2017

    I’m so sorry. Checked again, this answer is correct.

Comment pages
1 5 6 7 26