408 Views, 4 Helpful, 3 Replies

ACL help

darylanderson
Level 1

hi,

I'm currently trying to come up with an ACL to prevent the nachi virus killing the network (as I'm sure many administrators are) and was looking for help with a particular access permission.

I work in the IT dept at the main office and I'm creating an ACL that will prevent most nodes on the network from sending ping packets to each other, only I have to create a permission that will allow all members of the IT dept, who are on a specific subnet, to be able to ping any node on one of the remote LANs, which will confirm connectivity in the event of a problem.

The subnet uses the class A private address 10.2.6.0, although there are only six nodes on this subnet. I want them all to have ping permission to the remote LAN. So I have created a permission on the local router so that it will allow ping packets from these addresses to ping anywhere, but the remote router won't allow a reply. I'm sure I will have to place the ACL on the ethernet interface (inbound) on the remote router and may have to include 'echo-reply', only I'm just not completely sure what the permit statement will be.

Any help is much appreciated.

3 Replies

jmia
Level 7

Try:

access-list <number> permit icmp host <address> any echo-reply

Thanks -

So in my example, for the remote router to allow my local segment to ping all hosts on the remote LAN, I would use the following statement:

access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply

Would this be correct?
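The direction of an ICMP entry is easy to get backwards, so here is an added example (not code from the thread) that simulates how an IOS numbered ACL evaluates a packet: wildcard-mask matching, the echo/echo-reply keywords, first match wins and the implicit deny. It runs the thread's candidate entry, and a variant with source and destination swapped, against a constructed echo-reply from a hypothetical remote-LAN host 10.9.1.20 back to 10.2.6.5, as the remote router's inbound ethernet ACL would see it.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # type numbers behind the IOS keywords

def _match_addr(spec, wildcard, addr):
    # Cisco wildcard mask: 0 bits must match, 1 bits are "don't care".
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(spec)) & care)

def _parse_addr(tokens):
    # any / host A / A WILDCARD  ->  (address, wildcard, remaining tokens)
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def parse_ace(line):
    # access-list <num> permit|deny icmp <src> <dst> [echo|echo-reply]
    t = line.split()
    if t[0] != "access-list" or t[3] != "icmp":
        raise ValueError("only numbered ICMP entries are modelled: " + line)
    src, src_w, rest = _parse_addr(t[4:])
    dst, dst_w, rest = _parse_addr(rest)
    return t[2], src, src_w, dst, dst_w, (ICMP_TYPES[rest[0]] if rest else None)

def evaluate(acl_lines, pkt):
    """pkt = (src, dst, icmp_type). First match wins; implicit deny at the end, as in IOS."""
    src, dst, icmp_type = pkt
    for line in acl_lines:
        action, s, s_w, d, d_w, itype = parse_ace(line)
        if (_match_addr(s, s_w, src) and _match_addr(d, d_w, dst)
                and (itype is None or itype == icmp_type)):
            return action
    return "deny"

# Constructed sample traffic: an IT host on 10.2.6.0/24 pings a remote-LAN host
# (hypothetical address 10.9.1.20), which answers with an echo-reply.
PING = ("10.2.6.5", "10.9.1.20", ICMP_TYPES["echo"])
REPLY = ("10.9.1.20", "10.2.6.5", ICMP_TYPES["echo-reply"])

THREAD_ACL = ["access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply"]
SWAPPED_ACL = ["access-list 101 permit icmp any 10.2.6.0 0.0.0.255 echo-reply"]

def remote_inbound_decisions():
    # What each candidate does with the reply when applied inbound on the
    # remote router's ethernet interface (the reply enters there from the LAN).
    return {"thread": evaluate(THREAD_ACL, REPLY), "swapped": evaluate(SWAPPED_ACL, REPLY)}
```

Because the reply is sourced by the remote host, an entry whose source field is 10.2.6.0 never matches it on that interface; the swapped form does, while the echo itself is still governed by the ACL on the local router.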

erikhjacobsen
Level 1