We need to apply some strict security rules for one of our clients because of the nature of their business. For the ADSL sites, we can log in to the router only via some fixed management stations, and SSH/Telnet traffic from others will be dropped. I have attached a Visio diagram.
Likewise, because of the stringent rules, the remote users are not allowed to ping their local gateway (192.168.219.158), and most of the time they find it hard to troubleshoot any local LAN issues. So I tried to relax the rules to allow the local users to ping their interface, while pings from other sources will be dropped. But unfortunately I didn't succeed in this attempt, and once I apply the following configs I can ping from anywhere in the network.
In short, I wanted to allow the PCs on the local network to ping their router's LAN interface, and pings from any other source should be dropped.
In short, I want to ping the default GW only from the local LAN subnet and block the pings from any other source. As I mentioned, I am kind of achieving this with the 2nd set of ACLs, but it's blocking other pings to the core.
I partially understand the use of the deny statement (3rd line), and it would be great if someone could explain it to me a bit more.