I tried to block any ping (ICMP) from internet to my router. i have configured the below ACLs in the router and applied it in the interface connected to internet
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any ttl-exceeded
access-list 110 permit icmp any any echo-reply
access-list 110 deny icmp any any
Applied in Interface connected to Internet as below:
interface ser 0/0
ip address 18.104.22.168
ip access-group 110 in
It is working perfectly by blocking the icmp packets destined to the router, from Internet. Also i am able to ping any public IP from the router console.
But Ironically, when i ping the own interface ser 0/0, it is showing U.U.U
I am not able to ping the self interface after applying the ACLs.
Can you please guide me what is the problem and solution
Hello R.B. Kumar,
as Harold has explained the following happens:
the echo-request leaves the interface and it is placed on wires, the other device on the link sends back the echo-request to your interface where it is discarded.
Because your ACL accepts echo-replies but denies echo-requests.
For this reason you cannot ping the interface itself.
This happens on serial interfaces but also on ATM interfaces.
Hope to help