ACL for icmp and traceroute

Unanswered Question
Aug 3rd, 2009
User Badges:

hi gurus,

is this possible to configure on acl?

1.from Internet to client - deny icmp and tracerotue

2. from client to Internet - allow icmp and traceroute

i have this on my router and my lan cannot do traceroute may be because of the NAT.

interface FastEthernet0/0

description LAN NETWORK

ip address

ip nat inside


interface FastEthernet0/1

description TO-INTERNET

ip address x.x.x.x

ip access-group FIREWALL in

no ip unreachables

ip nat outside

ip access-list extended FIREWALL

permit icmp any any unreachable

permit icmp any any echo-reply

deny udp any any range 33400 34400

deny icmp any any

permit ip any any


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion