Let's say I have a router with two interfaces, external (Internet-facing) and internal (LAN-facing), and I have a single access list applied to the external interface.
This is the access list:
access-list 110 deny ip any any
This access list is applied to the external interface as follows:
ip access-group 110 in
My questions are:
- If a user from the LAN pings an external host on the Internet, would the ICMP return traffic (timeout, echo-reply, destination unreachable, etc.) be allowed to pass through the access list successfully, or would it be blocked? And why?
- Do I need to explicitly specify what ICMP return traffic to allow before that ICMP traffic can pass through?
Appreciate your response.