access-list question

Unanswered Question
Aug 18th, 2008

i have access-list applied on route r interface--

interface Ethernet0/1

description Pt-Pt Connection to ATT CE Router

ip address 10.137.255.254 255.255.255.252

ip access-group 190 out

ip directed-broadcast

half-duplex

i have few servers connected to switch in network.i can ping the servers from switch and also from there gateway which is router.but not from outside

i found access list on router


Extended IP access list 190

which shows


deny icmp any any echo-reply (23151 matches)

deny icmp any any echo (15906 matches)

is this reason why i can not ping server from outside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Mon, 08/18/2008 - 08:39

mahesh


That certainly does look like the reason. This line in the access list:

deny icmp any any echo-reply (23151 matches)

denies the ping response (echo-reply is the response to ping). And since it is applied outbound to the outside it would deny any ping response to requests generated from outside.


HTH


Rick

Actions

This Discussion