
CCIE - Internetwork Expert's Online Community

Latest post 12-20-2008 4:58 PM by izack.vail@gmail.com. 5 replies.
  • 09-08-2008 8:37 AM

    11.2 No need for local policy routing

    Hello,

     

    This solution works for me (the traceroute hits R5 on Fa0/1):

     

    ************************************************

    !
    interface FastEthernet0/1
     ip address 156.1.58.5 255.255.255.0
     ip nat outside

    !

    ip nat inside source list NAT interface Loopback0 overload

    !

    ip access-list extended NAT
     permit icmp any any port-unreachable
     permit icmp any any time-exceeded

    **********************************************

     

    Correct me if I am wrong?

     

    Thanks,

    Michael

    • Post Points: 35
  • 11-06-2008 6:29 AM In reply to

    • NTllect
    • Top 10 Contributor
    • Joined on 07-11-2008
    • CIS
    • Posts 269
    • Points 3,860

    Re: 11.2 No need for local policy routing

    The solution works for me as well.

    • Post Points: 5
  • 12-08-2008 5:21 AM In reply to

    • yknife
    • Top 500 Contributor
    • Joined on 12-02-2008
    • Posts 6
    • Points 120

    Re: 11.2 No need for local policy routing

    Actually I do not know why

    1) permit icmp any any port-unreachable

    2) permit icmp any any time-exceeded

    instead of

    3) permit icmp any any

    I think "permit icmp any any" is enough.

    Does anybody know why? Thanks.

    • Post Points: 20
  • 12-08-2008 5:33 AM In reply to

    • rmur
    • Top 50 Contributor
    • Joined on 08-18-2008
    • Netherlands
    • Posts 53
    • Points 655

    Re: 11.2 No need for local policy routing

    permit icmp any any is enough, but the question asks to allow traceroute.
    When you allow ICMP, a lot more is allowed besides traceroute.

    The port-unreachable (end-point) and time-exceeded (TTL expired) are
    necessary for traceroute to work and the only correct answer for the
    question.


    Rick Mur
    CCIE #21946 (R&S)
    CCNP, CCIP, JNCIA-ER, MCSE
    rick@rickmur.com


    On 8 Dec 2008 05:26:15 -0800
    yknife wrote:

    Actually I do not know why
    1)permit icmp any any port-unreachable
    2)permit icmp any any time-exceeded
    instead of
    3)permit icmp any any
    I think icmp any any is enough
    Does anybody know why? Thanks.



    CCIE #21946 (R&S), CCNP, CCIP, JNCIA-ER, MCSE 2003

    • Post Points: 20
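
The difference between the two keyword entries and the bare `permit icmp any any`, as an added example that is not part of the thread or the lab's solution: a small Python model of which ICMP messages each ACL selects. The type/code numbers follow RFC 792; the sample message list and all function names are constructed for illustration.

```python
# Added example: models how IOS ICMP keywords in an extended ACL select messages.
# In the thread's config the ACL is a NAT match list, so "selected" = translated.
# ICMP type/code numbers are from RFC 792; SAMPLE below is constructed.

# IOS keyword -> (type, code); code None means any code of that type.
KEYWORDS = {
    "port-unreachable": (3, 3),   # sent by the traceroute end-point
    "time-exceeded": (11, None),  # sent by a hop where the TTL expired
}
NARROW_ACL = ["permit icmp any any port-unreachable",
              "permit icmp any any time-exceeded"]
BROAD_ACL = ["permit icmp any any"]

def parse_entry(line):
    """Return the (type, code) matcher for 'permit icmp any any [keyword]'."""
    tokens = line.split()
    if tokens[:4] != ["permit", "icmp", "any", "any"]:
        raise ValueError(f"unsupported entry: {line!r}")
    if len(tokens) == 4:
        return (None, None)       # no keyword: every ICMP type and code
    if len(tokens) != 5 or tokens[4] not in KEYWORDS:
        raise ValueError(f"unsupported ICMP keyword in: {line!r}")
    return KEYWORDS[tokens[4]]

def acl_matches(acl, icmp_type, icmp_code):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    for line in acl:
        t, c = parse_entry(line)
        if t in (None, icmp_type) and c in (None, icmp_code):
            return True
    return False

SAMPLE = {  # constructed: message name -> (type, code)
    "echo request": (8, 0),
    "echo reply": (0, 0),
    "redirect (host)": (5, 1),
    "host unreachable": (3, 1),
    "port unreachable": (3, 3),
    "ttl exceeded in transit": (11, 0),
}

def selected(acl):
    """Names of the sample messages the ACL permits, sorted."""
    return sorted(n for n, (t, c) in SAMPLE.items() if acl_matches(acl, t, c))

def extra_in_broad():
    """Messages matched by the broad entry but not by the two keyword entries."""
    return sorted(set(selected(BROAD_ACL)) - set(selected(NARROW_ACL)))

if __name__ == "__main__":
    print("narrow:", selected(NARROW_ACL), "| broad only:", extra_in_broad())
```
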
  • 12-08-2008 7:59 AM In reply to

    • yknife
    • Top 500 Contributor
    • Joined on 12-02-2008
    • Posts 6
    • Points 120

    Re: 11.2 No need for local policy routing

    • Post Points: 20
  • 12-20-2008 4:58 PM In reply to

    Re: 11.2 No need for local policy routing

    Doesn't it say at the beginning of the lab "Do not use any policy routing unless otherwise specified"?  I guess I need a definition of exactly what that means.  This seems to me like the source guide is breaking the rules.

    • Post Points: 5