Deny ICMP, Allow SSH

Answered Question
Apr 27th, 2010

Hi, i hava a cisco 2960. I set an acl to block icmp but i can not conect using ssh now.

I have this problem too.
0 votes
Correct Answer by Reza Sharifi about 6 years 7 months ago

Hi Damian,

Remember that there is a default deny ip any any at the end of any access list.

So you need to add:

"access-list xxx permit IP any any" at the end of your access list to allow every thing else

HTH

Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Reza Sharifi Tue, 04/27/2010 - 16:38

Hi Damian,

Remember that there is a default deny ip any any at the end of any access list.

So you need to add:

"access-list xxx permit IP any any" at the end of your access list to allow every thing else

HTH

Reza

Federico Coto F... Tue, 04/27/2010 - 16:40

Hi,

Perhaps the ACL is not just blocking ICMP.

If the ACL blocks SSH as well, that might be the problem.

Check out that the statement is something like this:

access-list 101 deny icmp any host x.x.x.x

The above ACL will only block ICMP.

Another important thing is that if you only have the above line, all subsequent connections are going to be blocked (because there's an implicit deny everything else at the end of the ACL).

So, if your goal is to deny only ICMP, enter the above line and then:

access-list 101 permit ip any any

Hope it helps.

Federico.

Actions

This Discussion

Related Content