
S1/3.6


  1. Router A: S1/3.6. Router B: S0.1. Servers: 192.9.112.26, 10.9.9.12.

     Router A:

         interface Serial1/3.6 point-to-point
          description RouterA
          ip address 10.0.1.109 255.255.255.252
          ip access-group AList out
          frame-relay interface-dlci x
          crypto map RouterB

         crypto map RouterB 112 ipsec-isakmp
          set peer 10.0.1.110
          set transform-set set-201
          match address match

         Extended IP access list AList
          10 deny ip 192.0.0.0 0.255.255.255 any
          11 deny ip host 10.9.9.12 any
          12 deny ip any host 10.9.9.5
          20 permit ip any any

     Router B:

         interface Serial0.1 point-to-point
          description RouterB
          bandwidth 512
          ip address 10.0.1.110 255.255.255.252
          ip access-group AList2 out
          frame-relay interface-dlci x
          crypto map RouterA

         crypto map RouterB 112 ipsec-isakmp
          set peer 10.0.1.109
          set transform-set set-201
          match address match

         Extended IP access list AList2
          10 deny ip any 192.0.0.0 0.255.255.255
          11 deny ip any host 10.9.9.12
          12 deny ip any host 10.9.9.5
          20 permit ip any any

     Crypto map RouterA and crypto map RouterB have the following match address:

         ip access-list extended match
          permit icmp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
          deny eigrp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
          permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
          permit ip 10.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
          permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

     What is the problem?

     As you can see, on both routers I have ip access-group AList out and AList2 out on their serial interfaces. I do not want the LAN to pass any information according to those access lists. On the other hand, in the match access list for the crypto I permit that traffic to pass through, since I want it to be encrypted. If I remove any permit (let's say the 192.0.0.0/8 to 10.0.0.0/8), then Router B cannot see the 192.0.0.0/8. If I leave it as it is, then Router B can see the 192.0.0.0/8 network. So on one hand I have the match access list, which permits that traffic, and on the other hand AList2 and AList, which deny that traffic.

     The one access list deactivates the other access list. It's obvious that there is a collision here. How can I solve this problem?
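The overlap described in the question, as an added example that is not part of the original slide: it evaluates Router A's AList and the crypto "match" list with IOS first-match and wildcard-mask semantics and reports flows that the interface list denies while the crypto list selects for encryption (in a crypto access list, permit means "encrypt" and deny means "send unencrypted"). It does not model the order in which IOS applies the crypto map and the outbound ACL, and the sample flows are constructed.

```python
import ipaddress

# ACL entries copied from the slide (Router A's outbound list and the crypto list).
ALIST = """10 deny ip 192.0.0.0 0.255.255.255 any
11 deny ip host 10.9.9.12 any
12 deny ip any host 10.9.9.5
20 permit ip any any"""
MATCH = """permit icmp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
deny eigrp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
permit ip 192.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[0].isdigit():              # drop the sequence number
            tokens.pop(0)
        action, proto = tokens.pop(0), tokens.pop(0)
        entries.append((action, proto, take_addr(tokens), take_addr(tokens)))
    return entries

def hit(addr, spec):
    base, wildcard = spec                    # wildcard bits set to 1 are ignored
    return ((to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(acl, proto, src, dst):
    for action, acl_proto, s, d in acl:
        if acl_proto in ("ip", proto) and hit(src, s) and hit(dst, d):
            return action
    return "deny"                            # implicit deny ends every ACL

def overlaps(flows):
    """Flows AList denies but the crypto list marks for encryption."""
    iface, crypto = parse_acl(ALIST), parse_acl(MATCH)
    return [f for f in flows if first_match(iface, *f) == "deny"
            and first_match(crypto, *f) == "permit"]

# Constructed sample flows: (protocol, source, destination).
FLOWS = [("tcp", "192.9.112.26", "10.9.9.12"), ("tcp", "10.9.9.12", "10.0.5.1"),
         ("eigrp", "10.1.1.1", "10.2.2.2"), ("tcp", "10.1.1.1", "10.2.2.2")]
```

Calling `overlaps(FLOWS)` returns the first two flows: both are inside a range the crypto list permits and inside a range AList denies.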
