TS Approach

Question 1

9

Answer 1

check if you can telnet 80 from R23.

2-check nat translation

Question 2

8

Answer 2

1-check labels to the PE routers

2-to apply an attribute to a default-route, the “neighbor+default-originate” must have the route-map inserted.

Question 3

nat transversal

Answer 3

te permite establecer un vpn con un equipo que llega nateado. el problema es que por default nat te cambia la direccion ip del source, por lo tanto el IKE packet para la negociacion de ipsec is broken, y rompe el authencity y el tunnel no puede ser formado. cuando das enable a nat transversal, el ike. when you enable nat transversal, the devices know the address of the ike packets wont be same so they are aware and the tunnel can be form.

nat transversal allow IPsec packets to traverse across NAT devices.

to enable it, both gateways needs to have it activate with this command:

crypto ipsec nat-transparency udp-encapsulation.

reference: http://www.internet-computer-security.com/VPN-Guide/NAT-T.html

Question 4

bgp speed tip:

Answer 4

bgp listen range 123.0.0.0/8 peer-group IBGP
neighbor IBGP peer-group
neighbor IBGP up 10

Question 5

1

Answer 5

check if R7/R8 can reach vlan 100.

for last, make sure the data is symmetic, the way sw1 learns about the routes is because R7 and R8 redistribute bgp in ospf, make sure metrics are equal.

Question 6

2

Answer 6

peer default ip address pool dhcp-pool alex : asi se asigna al peer un ip address de un dhcp.

Question 7

config problems:

Answer 7

mpls not working:

1-check your labels
2-check that R1 has “route-reflector-client in his ibgp neighbors.