host unreacheble message

Krasnoperov · ‎02-06-2012

Hi

I have a router 1 and hosts A and B

Router1#

interface vlan 1

ip address 192.168.1.1 255.255.255.0

ip access-group aaa in

ip access-group bbb out

access-list aaa

10 permit tcp host 192.168.1.2 host 192.168.2.2 eq 3389

access-list bbb

10 permit tcp host 192.168.2.2 eq 3389 host 192.168.1.2

when I ping host 192.168.1.2 from 192.168.2.2 I get message ICMP time out.

but I want to see message host unreacheble

How can I do it?

thkx

cadet alain · ‎02-06-2012

Hi,

if you want to receive administratively prohibited unreachable messages then you have to enable the sending of such message on the L3 interface if it was disabled by issuing the ip unreachable interface command.

You can verify the setting with sh ip interface command.

Regards.

Alain

Don't forget to rate helpful posts.

Latchum Naidu · ‎02-06-2012

Hi,

You cant ping the host because you have permited only 3389 port only.
Why you are getting ICMP time out OR Request Timed Out is....

When you are trying to ping the host, in the other case the packet reaches the destination IP and while on the return trip to the source it gets dropped due to you denied it in the access-list

When the packet does not reach the destination IP due to the unavailability of the IP in the routers routing table or the IP is down on the network or the server is down or other reasons you will get a ” Destination host Unreachable” message

Hope the above clear and understand you.
Please rate all the helpfull posts.
Regards,
Naidu.