Home > Ticket 5 – R1 ACL

Ticket 5 – R1 ACL

March 26th, 2015 in TSHOOT v2 Go to comments

Configuration on R1

interface Serial0/0/1
 description Link to ISP
 ip address
 ip nat outside
 ip access-group edge_security in

ip access-list extended edge_security
 deny ip any
 deny ip any
 deny ip any
 deny any
 permit ip host any

Answer: add permit ip any command to R1’s ACL

Ans1) R1
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip any command

+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host is permitted to go through the access-list (permit ip host any) but clients cannot ping the web server because R1 cannot establish BGP session with neighbor

Comments (42) Comments
Comment pages
1 5 6 7 26
  1. CCNP-Renew
    May 5th, 2017

    Testing Tshoot in 2 days. Just became a premium member but I am disappointed with the new format. I used Network Tut a couple of years ago when they used the low tech “Read More” link to display full answers was way more user friendly.
    This new simulations are a great idea but not really good for a quick study reference.
    If anyone has updated dumps please send to matt.ryder22 at outlook dot com
    Thank you and good luck.

  2. david
    May 23rd, 2017

    I just passed today. Got 1000/1000. Stick only to networktut.com. All the questions in feb. 2017.pdf from tut came out. Pls practice nothing but tut. All still valid

  3. maha
    June 8th, 2017

    @ david
    Pleease send to my feb.2017.pdf in my email ( {email not allowed})

  4. Andrea
    June 9th, 2017

    Are there updated ccnp Tshoot?? I will the examen next Friday

  5. Slillz
    June 29th, 2017

    I’m confused here. How will this work when OSPF is not redistributing BGP into OSFP?

  6. Kelle
    July 12th, 2017

    Estou muito feliz com meus resultados ate’ momento! http://www.mgbargen.ch/yellabook/guestbook.php

  7. Saleh
    July 12th, 2017

    @ david

    Please send feb.2017 pdf on salehalkaseri@yahoo dot com

  8. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  9. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  10. Brozzo
    September 13th, 2017

    Hello, I have noted that in some of the tickets the device and error is supposed to be “abc” and “123”, however, you will observe the same erroneous config as identified in some other ticket.
    My assumption is that any particular ticket should have only one erroneous config and everything else correct, is this the correct position?

  11. Kyi Lwin
    September 19th, 2017

    Plz send me lastest dump file into my email kyilwin @ ayabank.com

  12. FureC
    October 19th, 2017

    Hi, i dont see any questions in this tickets (5,11,13) thats the way the problems shows up at the exam ???

  13. Life
    October 19th, 2017


    Same puting under the ip access-list extended edge_security’ configuration add the permit ip any’ command the client 1 cannot ping the because other ACLS. So this answer aren’t correct.

  14. Life
    October 19th, 2017

    I’m so sorry. Checked again, this answer is correct.

  15. Missing network command?
    November 3rd, 2017

    On this TT5 noticed another missing network command under router bgp 65001 on R1. Could you pls fix this or advise? Thxs

  16. Anonymous
    November 19th, 2017

    This question was still in the exam today.

  17. Fern
    November 20th, 2017

    Please sent me the latest dump PFD file fjsuarez1981 @ yahoo dot com

  18. Anonymous
    November 21st, 2017

    Hi Anonymous,

    Do you remember the 5 drag n drops questions? Please share.

  19. garga
    December 4th, 2017

    New tshoot dumps available {email not allowed}

  20. garga
    December 4th, 2017

    garga @ inbox dot lv

  21. Lemon
    December 5th, 2017

    what is the question in this ticket?

  22. G-unit
    December 12th, 2017

    Most tickets have the same “question” Client 1 cannot reach server at
    Just check the config for edge security ACL

  23. AAA
    December 16th, 2017

    If anyone has dumps/drag and drop please forward me. Much appreciated ivanmedena (at) gmail thank you..I plan on giving test next week. Will keep you guys informed.

  24. Anonymous
    December 18th, 2017

    Can anyone help with valid dumps? dumanski (at) gmail Thanks!

  25. Laxmikanth
    December 31st, 2017

    GO for premium membership, it would be sufficient to clear the exam.

  26. jgsodia
    January 2nd, 2018

    i took the exam last 20th Dec and i failed, i retook the exam 28th Dec and i passed. all you need is here, the exam is the same in both ocasions

  27. Clap-Back
    January 3rd, 2018

    What @Laxmikanth said.

  28. plop
    January 3rd, 2018

    Where’s the actual question?

  29. Fattah RazzaqghanimughnI
    January 4th, 2018

    I applied this answers which also working:
    Ans1) R1
    Ans2) Access list
    Ans3) enter to “ip access-list extended Edge_Security”, and then execute command “permit ip host”

    However, there will be multiple choice for this question.

  30. Frankie96
    January 4th, 2018

    Hello Networktut.. I don’t understand why R1 is not able to ping it’s own .225 address. Is this an error in the simulation?

  31. networktut
    January 4th, 2018

    @Frankie96: Yes, it is an error. Thanks for your detection, we have just fixed it!

  32. Anonymous
    January 13th, 2018

    Hi. I am new to Networktut. this simulation does not allow validation of answer before submission. is that correct?

  33. Spirit
    January 13th, 2018

    Hello, I am only able to perform traces from DSW1 and to only one IP which is the web server when tracing to from DSW1, I get the following error message “We are very sorry but traceroute to is only allow on DSW1” where it is being sourced. get the same message from all routers. is this by design? not able to perform traces from routers is rather strange. PLease advise.

  34. Anonymous
    January 15th, 2018

    @Spirit, traceroute to and is the same thing, basically it will take the same path so traceroute to the web server should be good enough for your purpose.

  35. @JR
    January 17th, 2018

    Please send feb.2017 pdf on jamesracevedo@gmail dot com

  36. Anonymous
    January 20th, 2018

    How upto date are the labs

  37. Arczi
    January 26th, 2018


    No new questions, everything is here. But be careful, tasks are very tricky and all mentioned bugs are there.

  38. asdf
    February 7th, 2018

    > How will this work when OSPF is not redistributing BGP into OSFP?
    R1 has s static route It redistribute to OSPF

  39. Hunter
    February 9th, 2018


    Just remember the answers as given. Dont waste time thinking too much in the exam as you cannot correct the config in the exam. These answers are all correct.

  40. Sm-New
    February 17th, 2018

    i need to take in a weeks time this exam, can (network tut) or anyone please answer how do we know which question and what answer we need to remember when there is only one question for 13 sim lets that client cannot reach web server etc?

  41. Anonymous
    February 18th, 2018

    @Sm-New, lol

  42. The_Boss
    February 19th, 2018

    guys,please advise in the exam

    what are the bugs on this questtion:
    A)are we able to do a sho run
    B)are we able to do a trace from client 1
    C)is testing from DSW1 fine,if so
    i)will ping work (we should sourse it fro which interface)
    ii)will trace route work(we shld source from which interface)
    D)pings from R1/R2 will they work

    which specific commands should we use to check

Comment pages
1 5 6 7 26