Cisco Support Community
New Member

ACL help

Hi,

I'm currently trying to come up with an ACL to prevent the Nachi virus killing the network (as I'm sure many administrators are) and was looking for help with a particular access permission.

I work in the IT dept at the main office and I'm creating an ACL that will prevent most nodes on the network from sending ping packets to each other, only I have to create a permission that will allow all members of the IT dept, who are on a specific subnet, to be able to ping any node on one of the remote LANs, which will confirm connectivity in the event of a problem.

The subnet uses the class A private address 10.2.6.0, although there are only six nodes on this subnet. I want them all to have ping permission to the remote LAN. So I have created permission on the local router so that it will allow ping packets from these addresses to be able to ping anywhere, but the remote router won't allow a reply. I'm sure I will have to place the ACL on the ethernet interface (inbound) on the remote router and may have to include 'echo-reply', only I'm just not completely sure what the permit statement will be.

Any help is much appreciated.

3 REPLIES
Gold

Re: ACL help

Try:

access-list permit icmp host any echo-reply

Thanks -

New Member

Re: ACL help

So in my example, for the remote router to allow my local segment to ping all hosts on the remote LAN, I would use the following statement:

access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply

Would this be correct?
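
Added example, not part of any post in this thread: a small first-match model of IOS extended ACL evaluation (ICMP entries only) that checks the statement above against the echo reply a remote-LAN host sends back, as seen inbound on the remote router's Ethernet interface. The remote host address 192.0.2.25, the second destination 10.9.9.9 and the swapped-order entry are constructed for illustration; the function names are hypothetical.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N permit|deny icmp SRC DST [icmp-type]' (subset of IOS syntax)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "icmp":
        raise ValueError("only ICMP access-list entries are modelled")
    action, rest, specs = tok[2], tok[4:], []
    for _ in range(2):  # source first, then destination
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255")); rest = rest[1:]
        elif rest[0] == "host":
            specs.append((rest[1], "0.0.0.0")); rest = rest[2:]
        else:
            specs.append((rest[0], rest[1])); rest = rest[2:]
    return {"action": action, "src": specs[0], "dst": specs[1],
            "type": rest[0] if rest else None}

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (wc_match(pkt["src"], *ace["src"]) and wc_match(pkt["dst"], *ace["dst"])
                and ace["type"] in (None, pkt["type"])):
            return ace["action"]
    return "deny"

# Constructed packets entering the remote router from the remote LAN.
# 192.0.2.25 stands in for a remote-LAN host (its real address is not on the page).
REPLY = {"src": "192.0.2.25", "dst": "10.2.6.4", "type": "echo-reply"}
OTHER_PING = {"src": "192.0.2.25", "dst": "10.9.9.9", "type": "echo"}

AS_POSTED = ["access-list 101 permit icmp 10.2.6.0 0.0.0.255 any echo-reply"]
# Assumption: same entry with source and destination exchanged.
SWAPPED = ["access-list 101 permit icmp any 10.2.6.0 0.0.0.255 echo-reply"]

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("source/destination swapped", SWAPPED)):
        print(name, "| reply to IT subnet:", evaluate(acl, REPLY),
              "| ping to another node:", evaluate(acl, OTHER_PING))
```

In an extended ACL the source comes before the destination, and an inbound ACL on the remote Ethernet interface sees the reply with the remote host as source and the 10.2.6.0 subnet as destination. A real ACL applied to that interface also needs entries for whatever non-ICMP traffic should pass, because everything unmatched hits the implicit deny.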

New Member

Re: ACL help
