08-20-2002 08:41 PM - edited 03-02-2019 12:48 AM
All,
I know this is an easy one, but I am new at this and need some help. I have a cisco 2600 running 12.0.21a and it is the connection between my ISP's router and my network. Currently you can ping it and I would like to prevent it from responding to pings, if you guys think thats advisable?
I have entered the following in conf t mode:
HG-Internet(config)#access-list 101 deny icmp any any echo
HG-Internet(config)#access-list 101 deny icmp any any echo-reply
HG-Internet(config)#^Z
And then did a copy run start.
The problem is I can still ping this thing from anywhere. Do I need to reload the config? or is it my syntax?
Any help would be appreciated.
08-20-2002 09:02 PM
Did you actually apply the access-list to an interface? I do not see that in the config. If the interface you wanted to apply it to was s0 the config would be
conf t
int s 0
ip access-group 101 in
Hope this helps
08-20-2002 09:24 PM
No I did not apply it to an interface. However I just applied the following to e 0/0
conf t
int e 0/0 ip access-group 101 in
HG-Internet(config)#access-list 101 deny icmp any any echo
HG-Internet(config)#access-list 101 deny icmp any any echo-reply
Then I went to ping it and it was still pingable. What was interesting though was that the other machines and switch with public addresses no longer were accessible either by ping, telnet or vpn connection.
Should an access list such as this be applied to the serial interface? and if so I do not want it to make my other devices unaccessible.
Thanks
08-21-2002 02:54 AM
If you don't want people to ping from the outside into your network, place the access-list on the interface that connects you to the Internet in this fashion
conf t
int s whatever you are using
ip access-group 101 in
Remember that access-lists have an implied deny everthing at the end so you need to put a permit statement at the end to allow all of the rest of the traffic in. Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide