Home > Ticket 5 – R1 ACL

Ticket 5 – R1 ACL

March 26th, 2015 in TSHOOT v2 Go to comments

Configuration on R1

interface Serial0/0/1
 description Link to ISP
 ip address 209.65.200.225 255.255.255.252
 ip nat outside
 ip access-group edge_security in
!

ip access-list extended edge_security
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny 127.0.0.0 0.255.255.255 any
 permit ip host 209.65.200.241 any
!

Answer: add permit ip 209.65.200.224 0.0.0.3 any command to R1’s ACL

Ans1) R1
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip 209.65.200.224 0.0.0.3 any command

Note:
+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host 209.65.200.241 is permitted to go through the access-list (permit ip host 209.65.200.241 any) but clients cannot ping the web server because R1 cannot establish BGP session with neighbor 209.65.200.226.

Comments (34) Comments
Comment pages
1 5 6 7 26
  1. CCNP-Renew
    May 5th, 2017

    Testing Tshoot in 2 days. Just became a premium member but I am disappointed with the new format. I used Network Tut a couple of years ago when they used the low tech “Read More” link to display full answers was way more user friendly.
    This new simulations are a great idea but not really good for a quick study reference.
    If anyone has updated dumps please send to matt.ryder22 at outlook dot com
    Thank you and good luck.

  2. david
    May 23rd, 2017

    I just passed today. Got 1000/1000. Stick only to networktut.com. All the questions in feb. 2017.pdf from tut came out. Pls practice nothing but tut. All still valid

  3. maha
    June 8th, 2017

    @ david
    Pleease send to my feb.2017.pdf in my email ( {email not allowed})

  4. Andrea
    June 9th, 2017

    Are there updated ccnp Tshoot?? I will the examen next Friday

  5. Slillz
    June 29th, 2017

    I’m confused here. How will this work when OSPF is not redistributing BGP into OSFP?

  6. Kelle
    July 12th, 2017

    Estou muito feliz com meus resultados ate’ momento! http://www.mgbargen.ch/yellabook/guestbook.php

  7. Saleh
    July 12th, 2017

    @ david

    Please send feb.2017 pdf on salehalkaseri@yahoo dot com

  8. mkzozo
    August 2nd, 2017

    i have cleared tshoot exam today with 925 everything is from this site. thanks 9TUT. no need to buy some funny dumps

  9. Peter
    August 2nd, 2017

    Passed today with 1000. Ticket valid.

  10. Brozzo
    September 13th, 2017

    Hello, I have noted that in some of the tickets the device and error is supposed to be “abc” and “123”, however, you will observe the same erroneous config as identified in some other ticket.
    My assumption is that any particular ticket should have only one erroneous config and everything else correct, is this the correct position?

  11. Kyi Lwin
    September 19th, 2017

    Plz send me lastest dump file into my email kyilwin @ ayabank.com

  12. FureC
    October 19th, 2017

    Hi, i dont see any questions in this tickets (5,11,13) thats the way the problems shows up at the exam ???

  13. Life
    October 19th, 2017

    Dear,

    Same puting under the ip access-list extended edge_security’ configuration add the permit ip 209.65.200.224.0.0.0.3 any’ command the client 1 cannot ping the 209.65.200.241 because other ACLS. So this answer aren’t correct.

  14. Life
    October 19th, 2017

    I’m so sorry. Checked again, this answer is correct.

  15. Missing network command?
    November 3rd, 2017

    @Networktut:
    On this TT5 noticed another missing network command under router bgp 65001 on R1. Could you pls fix this or advise? Thxs

  16. Anonymous
    November 19th, 2017

    This question was still in the exam today.

  17. Fern
    November 20th, 2017

    Please sent me the latest dump PFD file fjsuarez1981 @ yahoo dot com

  18. Anonymous
    November 21st, 2017

    Hi Anonymous,

    Do you remember the 5 drag n drops questions? Please share.

  19. garga
    December 4th, 2017

    New tshoot dumps available {email not allowed}

  20. garga
    December 4th, 2017

    garga @ inbox dot lv

  21. Lemon
    December 5th, 2017

    what is the question in this ticket?

  22. G-unit
    December 12th, 2017

    Most tickets have the same “question” Client 1 cannot reach server at 209.65.200.241
    Just check the config for edge security ACL

  23. AAA
    December 16th, 2017

    If anyone has dumps/drag and drop please forward me. Much appreciated ivanmedena (at) gmail thank you..I plan on giving test next week. Will keep you guys informed.

  24. Anonymous
    December 18th, 2017

    Can anyone help with valid dumps? dumanski (at) gmail Thanks!

  25. Laxmikanth
    December 31st, 2017

    GO for premium membership, it would be sufficient to clear the exam.

  26. jgsodia
    January 2nd, 2018

    i took the exam last 20th Dec and i failed, i retook the exam 28th Dec and i passed. all you need is here, the exam is the same in both ocasions

  27. Clap-Back
    January 3rd, 2018

    What @Laxmikanth said.

  28. plop
    January 3rd, 2018

    Where’s the actual question?

  29. Fattah RazzaqghanimughnI
    January 4th, 2018

    I applied this answers which also working:
    Ans1) R1
    Ans2) Access list
    Ans3) enter to “ip access-list extended Edge_Security”, and then execute command “permit ip host 209.65.200.226”

    However, there will be multiple choice for this question.

  30. Frankie96
    January 4th, 2018

    Hello Networktut.. I don’t understand why R1 is not able to ping it’s own .225 address. Is this an error in the simulation?

  31. networktut
    January 4th, 2018

    @Frankie96: Yes, it is an error. Thanks for your detection, we have just fixed it!

  32. Anonymous
    January 13th, 2018

    Hi. I am new to Networktut. this simulation does not allow validation of answer before submission. is that correct?

  33. Spirit
    January 13th, 2018

    Hello, I am only able to perform traces from DSW1 and to only one IP which is the web server 209.65.200.241. when tracing to 209.65.200.225 from DSW1, I get the following error message “We are very sorry but traceroute to 209.65.200.241 is only allow on DSW1” where it is being sourced. get the same message from all routers. is this by design? not able to perform traces from routers is rather strange. PLease advise.

  34. Anonymous
    January 15th, 2018

    @Spirit, traceroute to 209.65.200.141 and 209.65.200.225 is the same thing, basically it will take the same path so traceroute to the web server should be good enough for your purpose.

Comment pages
1 5 6 7 26