Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL for icmp and traceroute

hi gurus,

is this possible to configure on acl?

1.from Internet to client - deny icmp and tracerotue

2. from client to Internet - allow icmp and traceroute

i have this on my router and my lan cannot do traceroute may be because of the NAT.

interface FastEthernet0/0

description LAN NETWORK

ip address 192.168.10.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1

description TO-INTERNET

ip address x.x.x.x 255.255.255.252

ip access-group FIREWALL in

no ip unreachables

ip nat outside

ip access-list extended FIREWALL

permit icmp any any unreachable

permit icmp any any echo-reply

deny udp any any range 33400 34400

deny icmp any any

permit ip any any

LAN---fa0/0<NAT-router>fa0/1---internet

1 REPLY
New Member

Re: ACL for icmp and traceroute

got it.

461
Views
0
Helpful
1
Replies
CreatePlease to create content