Attached is my configuration.
What I want to have happen is the 192.168.1.x users that originate traffic on the 'interface BVI1' to ping out on the Internet to any IP address.
I do not want anyone on the Internet to be able to ping my DHCP address from Comcast on Fa4.
Is that possible?
I only have one static NAT translation:
ip nat inside source static tcp 192.168.1.10 3389 interface FastEthernet4 3389
hello, if your fa4 is internet facing you could add an inbound acl to block any traffic you don't want to participate in a service, like dhcp and ping.