Cisco Support Community
New Member

Moving from ACLs to PBRs

In an effort to update some router configs, I am looking at removing our current ACLs and using policy route-maps. The first one I want to put in place will limit ICMP traffic from our ISP. However, when I configure the router with them, all ICMP traffic is allowed. Below is an example of what I have in place.

interface atm4/0/0.100
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map ICMP
!
! ACL 110: echo / echo-reply from the two inside /24s to the router's own address
access-list 110 permit icmp 172.16.1.0 0.0.0.255 host 192.168.1.1 echo
access-list 110 permit icmp 172.16.1.0 0.0.0.255 host 192.168.1.1 echo-reply
access-list 110 permit icmp 172.16.3.0 0.0.0.255 host 192.168.1.1 echo
access-list 110 permit icmp 172.16.3.0 0.0.0.255 host 192.168.1.1 echo-reply
!
! ACL 112: every other echo / echo-reply
access-list 112 permit icmp any any echo
access-list 112 permit icmp any any echo-reply
!
route-map ICMP permit 10
 match ip address 110
 set interface atm4/0/0.1000
!
route-map ICMP permit 20
 match ip address 112
 set interface null0

The current ACL I use blocks ICMP effectively, but I would like to get away from that.

Regards,

KJ

1 REPLY
Bronze

Re: Moving from ACLs to PBRs

As far as I know, the "ip policy route-map" command is used to set parameters for outgoing traffic, like in your case towards your ISP. So, for that reason only, I think your complete ICMP traffic from your ISP is being allowed because it comes towards you from your ISP. So, I suggest you please go with ACLs only.

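To make the evaluation order concrete, here is a small Python model of how a policy route-map and the two ACLs posted above are evaluated. This is an added example written for this page, not Cisco code and not the poster's configuration; it assumes only the documented IOS rules that ACL entries and route-map sequences are tested top-down with first match winning, that an ACL ends in an implicit deny, and that a packet matching no route-map sequence (or matching a route-map deny sequence) is forwarded by the normal routing table rather than dropped. It ignores platform details such as how packets addressed to the router itself are handled. The sample packets at the bottom are constructed, and the `Packet`, `acl_lookup` and `policy_route` names are this example's own.

```python
"""Model of IOS ACL and policy route-map evaluation for the ICMP route-map above.

Added example, not Cisco or poster code. Assumed rules (documented IOS
behaviour): top-down first match for ACL entries and route-map sequences,
implicit deny at the end of an ACL, and no match in the route-map means the
packet is handed to the routing table, not dropped.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "icmp", "tcp", "udp"
    icmp_type: str = ""   # only meaningful when proto == "icmp"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


# Each entry: (action, proto, src, src_wildcard, dst, dst_wildcard, icmp_type or None).
# "host x" is x with wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
ACL_110 = [
    ("permit", "icmp", "172.16.1.0", "0.0.0.255", "192.168.1.1", "0.0.0.0", "echo"),
    ("permit", "icmp", "172.16.1.0", "0.0.0.255", "192.168.1.1", "0.0.0.0", "echo-reply"),
    ("permit", "icmp", "172.16.3.0", "0.0.0.255", "192.168.1.1", "0.0.0.0", "echo"),
    ("permit", "icmp", "172.16.3.0", "0.0.0.255", "192.168.1.1", "0.0.0.0", "echo-reply"),
]
ACL_112 = [
    ("permit", "icmp", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", "echo"),
    ("permit", "icmp", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", "echo-reply"),
]


def ace_matches(ace, pkt: Packet) -> bool:
    _action, proto, src, src_w, dst, dst_w, itype = ace
    if proto != "ip" and proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, src, src_w) or not wildcard_match(pkt.dst, dst, dst_w):
        return False
    return itype is None or itype == pkt.icmp_type


def acl_lookup(acl, pkt: Packet) -> str:
    """First matching entry wins; the implicit trailing entry is 'deny'."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace[0]
    return "deny"


# (sequence, route-map action, ACL referenced by 'match ip address', 'set interface' target)
ROUTE_MAP_ICMP = [
    (10, "permit", ACL_110, "atm4/0/0.1000"),
    (20, "permit", ACL_112, "null0"),
]


def policy_route(route_map, pkt: Packet) -> str:
    """Exit chosen by PBR for a packet entering the interface carrying 'ip policy'.

    An ACL 'permit' means the sequence matches; an ACL 'deny' means try the
    next sequence. A matching 'permit' sequence applies its set clause. A
    matching 'deny' sequence, or no match at all, leaves the packet to the
    routing table (returned here as the string 'routing table').
    """
    for _seq, action, acl, exit_if in route_map:
        if acl_lookup(acl, pkt) == "permit":
            return exit_if if action == "permit" else "routing table"
    return "routing table"


if __name__ == "__main__":
    # Constructed sample traffic; 203.0.113.0/24 stands in for the ISP side.
    samples = [
        Packet("172.16.1.5", "192.168.1.1", "icmp", "echo"),
        Packet("203.0.113.7", "192.168.1.50", "icmp", "echo"),
        Packet("203.0.113.7", "192.168.1.50", "icmp", "time-exceeded"),
        Packet("203.0.113.7", "192.168.1.50", "tcp"),
    ]
    for pkt in samples:
        print(f"{pkt.proto:4} {pkt.icmp_type:14} {pkt.src:>12} -> {pkt.dst:<13}"
              f" PBR: {policy_route(ROUTE_MAP_ICMP, pkt):14}"
              f" | as a filter, ACL 112 would: {acl_lookup(ACL_112, pkt)}")
```

Run it and compare the two right-hand columns: a TCP packet, or an ICMP type other than echo and echo-reply, matches neither sequence, so PBR hands it to the routing table and it is forwarded normally, whereas the same packet checked against an ACL applied with `ip access-group` would hit the implicit deny. That fall-through is the main difference to keep in mind when replacing an ACL filter with a policy route-map: the route-map only ever steers what it explicitly matches.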