ACL for icmp and traceroute

Unanswered Question
Aug 3rd, 2009

Hi gurus,

Is this possible to configure on an ACL?

1. From Internet to client - deny icmp and traceroute

2. From client to Internet - allow icmp and traceroute


I have this on my router and my LAN cannot do traceroute, maybe because of the NAT.


interface FastEthernet0/0
 description LAN NETWORK
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description TO-INTERNET
 ip address x.x.x.x 255.255.255.252
 ip access-group FIREWALL in
 no ip unreachables
 ip nat outside
!
ip access-list extended FIREWALL
 permit icmp any any unreachable
 permit icmp any any echo-reply
 deny udp any any range 33400 34400
 deny icmp any any
 permit ip any any


LAN---fa0/0<NAT-router>fa0/1---internet
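
An added example, not part of the original post: a small first-match evaluator run over the FIREWALL entries exactly as posted, to show which inbound packets on FastEthernet0/1 each entry catches. The packets are constructed, and because every entry uses `any any`, addresses (and so NAT) play no part in the match.

```python
# Added example: first-match evaluation of the FIREWALL ACL quoted in the post.
# ICMP type numbers per RFC 792; keywords are the IOS names for those types.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

FIREWALL = """\
permit icmp any any unreachable
permit icmp any any echo-reply
deny udp any any range 33400 34400
deny icmp any any
permit ip any any
"""

def parse_ace(line):
    """Parse 'action proto any any [icmp-keyword | range lo hi]' (the forms in the post)."""
    tok = line.split()
    ace = {"text": " ".join(tok), "action": tok[0], "proto": tok[1],
           "icmp_type": None, "ports": None}
    rest = tok[4:]  # tok[2] and tok[3] are 'any any'
    if rest and rest[0] == "range":
        ace["ports"] = (int(rest[1]), int(rest[2]))
    elif rest:
        ace["icmp_type"] = ICMP_TYPES[rest[0]]
    return ace

def matches(ace, pkt):
    if ace["proto"] not in ("ip", pkt["proto"]):
        return False
    if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
        return False
    if ace["ports"] and not ace["ports"][0] <= pkt.get("dport", -1) <= ace["ports"][1]:
        return False
    return True

def evaluate(acl_text, pkt):
    """Return (action, matching entry); falls through to the implicit deny."""
    for ace in map(parse_ace, acl_text.strip().splitlines()):
        if matches(ace, pkt):
            return ace["action"], ace["text"]
    return "deny", "(implicit deny)"

# Constructed packets arriving inbound on FastEthernet0/1
PACKETS = {
    "time-exceeded from a hop (answer to LAN traceroute)": {"proto": "icmp", "icmp_type": 11},
    "port unreachable from target (end of UDP traceroute)": {"proto": "icmp", "icmp_type": 3},
    "echo-reply (answer to LAN ping)": {"proto": "icmp", "icmp_type": 0},
    "echo from Internet (inbound ping)": {"proto": "icmp", "icmp_type": 8},
    "UDP traceroute probe from Internet": {"proto": "udp", "dport": 33434},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print("%-6s %-54s <- %s" % (evaluate(FIREWALL, pkt)[0], name, evaluate(FIREWALL, pkt)[1]))
```

Passing `"permit icmp any any time-exceeded\n" + FIREWALL` to `evaluate()` (a variation added here, not from the post) shows hop replies being admitted while inbound echo and UDP probes are still denied.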
