Need Help In Filtering Router Self Generated Traffic
Can anyone guide me how to filter router self-generated traffic? For example my router interface serial ip is 10.1.1.1 while my fastethernet ip is 22.214.171.124. I have created a n access-list blocking icmp (access-list 100 deny icmp host 10.1.1.1 any). I apply this access-list at the fastethernet outbound. When i try to ping 126.96.36.199 using source ip 10.1.1.1 it still be able to ping. Please advise.
Re: Need Help In Filtering Router Self Generated Traffic
You are encountering a long established behavior of IOS devices. An access list applied outbound on an interface will not filter traffic generated by the router. I am not aware of any way to work around this on the router.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...