Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Stop incoming ICMP ON Serial0

Hi

I have 1603R with 12.0 IOS. I want to stop incoming ICMP on the router

This is what i Have used.

access-list 101 deny icmp any any

But to my surprise i still c icmp packets reaching my firewall.

What I want is i should be able to ping others but other should be not be able to ping or use any kind of icmp on me...

Regds

RamP

2 REPLIES
New Member

Re: Stop incoming ICMP ON Serial0

Applying the acl to an interface, as in:

int s0/0

ip access-group 101 in

will deny all inbound icmp on Serial 0/0.

New Member

Re: Stop incoming ICMP ON Serial0

To block inbound ICMP but allow ICMP replies your acl should look like this:

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 deny icmp any any

access-list 101 permit ip any any

This allows all the ICMP returns to you, denies ICMP inbound and the last line negates the implied deny all that is at the end of all access lists.

After creating the access-list you then need to apply it to the serial interface. Go to interface configuration mode and apply the following:

access-class 101 in

That's all ther is to it.

144
Views
0
Helpful
2
Replies
CreatePlease to create content