Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
0
Helpful
1
Replies

ACL for icmp and traceroute

jeffersoncbriones
Level 1
Level 1

‎08-03-2009 11:35 PM - edited ‎03-04-2019 05:38 AM

hi gurus,

is this possible to configure on acl?

1.from Internet to client - deny icmp and tracerotue

2. from client to Internet - allow icmp and traceroute

i have this on my router and my lan cannot do traceroute may be because of the NAT.

interface FastEthernet0/0

description LAN NETWORK

ip address 192.168.10.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1

description TO-INTERNET

ip address x.x.x.x 255.255.255.252

ip access-group FIREWALL in

no ip unreachables

ip nat outside

ip access-list extended FIREWALL

permit icmp any any unreachable

permit icmp any any echo-reply

deny udp any any range 33400 34400

deny icmp any any

permit ip any any

LAN---fa0/0<NAT-router>fa0/1---internet

Labels:
0 Helpful
1 Reply 1

jeffersoncbriones
Level 1
Level 1

‎08-04-2009 01:53 AM

got it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card