02-06-2012 05:41 AM - edited 03-07-2019 04:45 AM
Hi
I have a router 1 and hosts A and B
Router1#
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-group aaa in
ip access-group bbb out
access-list aaa
10 permit tcp host 192.168.1.2 host 192.168.2.2 eq 3389
access-list bbb
10 permit tcp host 192.168.2.2 eq 3389 host 192.168.1.2
When I ping host 192.168.1.2 from 192.168.2.2 I get the message ICMP time out,
but I want to see the message host unreachable.
How can I do it?
Thanks
02-06-2012 05:47 AM
Hi,
If you want to receive administratively prohibited unreachable messages, then you have to enable the sending of such messages on the L3 interface, if it was disabled, by issuing the ip unreachable interface command.
You can verify the setting with the sh ip interface command.
Regards.
Alain
02-06-2012 05:52 AM
Hi,
You can't ping the host because you have permitted only port 3389.
Why you are getting ICMP time out or Request Timed Out is:
When you are trying to ping the host, in the other case the packet reaches the destination IP, and on the return trip to the source it gets dropped because you denied it in the access list.
When the packet does not reach the destination IP because the IP is not in the router's routing table, or the IP is down on the network, or the server is down, or for other reasons, you will get a "Destination host Unreachable" message.
Hope the above is clear and understandable to you.
Please rate all the helpful posts.
Regards,
Naidu.
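Added example, not part of the thread and not Cisco code: a small Python model that runs the two ACLs from the original post against a ping and an RDP packet, showing which list the packet fails and what the sender observes. It assumes 192.168.2.2 is reached through some other interface, and `unreachables_enabled` is a simplified stand-in for the interface setting mentioned in the first reply; the names `Flow`, `permitted` and `observe` are illustrative.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    """A packet, or an ACL permit entry where a port of None means 'any'."""
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

# Permit entries copied from the original post; both ACLs sit on interface vlan 1.
ACL_AAA_IN = [Flow("tcp", "192.168.1.2", "192.168.2.2", dport=3389)]
ACL_BBB_OUT = [Flow("tcp", "192.168.2.2", "192.168.1.2", sport=3389)]

def permitted(acl, pkt):
    """First matching entry wins; no match means the implicit deny at the end."""
    return any(
        r.proto == pkt.proto and r.src == pkt.src and r.dst == pkt.dst
        and r.sport in (None, pkt.sport) and r.dport in (None, pkt.dport)
        for r in acl
    )

def observe(pkt, unreachables_enabled):
    """What the sender sees for a packet crossing interface vlan 1.

    unreachables_enabled is a simplified stand-in (assumption) for the
    interface setting discussed in the first reply.
    """
    # Sourced from 192.168.1.0/24: enters the router, checked by 'aaa in'.
    # Otherwise it is leaving toward vlan 1, checked by 'bbb out'.
    if pkt.src.startswith("192.168.1."):
        acl, name = ACL_AAA_IN, "aaa in"
    else:
        acl, name = ACL_BBB_OUT, "bbb out"
    if permitted(acl, pkt):
        return "forwarded"
    if unreachables_enabled:
        return f"denied by {name}: ICMP type 3 code 13 returned"
    return f"denied by {name}: no reply, sender times out"

if __name__ == "__main__":
    ping = Flow("icmp", "192.168.2.2", "192.168.1.2")             # constructed packet
    rdp = Flow("tcp", "192.168.1.2", "192.168.2.2", 50000, 3389)  # constructed packet
    for pkt in (ping, rdp):
        for flag in (False, True):
            print(pkt.proto, flag, "->", observe(pkt, flag))
```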