Cisco Support Community
New Member

Block ICMP

Hello all,

I have a Cisco 2621 router. I just need to block ICMP echo. Actually, I have the Fa0/0 port configured with a public IP. People can ping the public IP from the outside world. I just want to block that. Please let me know the commands.

Thanks

Sooraj N

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Block ICMP

Sooraj

The access list I supplied will not stop ping from the inside network, only the outside, which is what you requested. If you want to stop ping to your public IP from the inside, you need to apply an ACL on the inside interface of your router.

If you want to test from outside and you have internet access go to this page and try a ping from there -

http://ping.eu/ping/

Jon

3 REPLIES
Hall of Fame Super Blue

Block ICMP

Sooraj

access-list 101 deny icmp any host <public IP> echo

access-list 101 permit ip any any

int fa0/0

ip access-group 101 in

Note I have included a "permit ip any any" because there is an implicit deny at the end of any ACL. You may already have an ACL on the fa0/0 interface, so you may need to add the icmp line to that. If you do have an ACL and it has a "permit ip any any" in it already, make sure the icmp line goes before that.

Jon
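
The rule ordering, the implicit deny, and the fact that an inbound ACL only sees packets arriving on the interface it is bound to can be checked with a small first-match model. This is an added illustration, not part of the thread and not how IOS is implemented; the address 203.0.113.10 and the use of fa0/1 as the inside interface are constructed assumptions.

```python
# Simplified first-match model of an extended ACL (illustration only).
PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the router's public IP

DENY_ECHO = {"action": "deny", "proto": "icmp", "dst": PUBLIC_IP, "icmp_type": "echo"}
PERMIT_ALL = {"action": "permit", "proto": "ip", "dst": "any"}

def matches(rule, pkt):
    """True if the packet matches one ACL entry ('ip' matches every protocol)."""
    proto_ok = rule["proto"] in ("ip", pkt["proto"])
    dst_ok = rule["dst"] in ("any", pkt["dst"])
    type_ok = rule.get("icmp_type") in (None, pkt.get("icmp_type"))
    return proto_ok and dst_ok and type_ok

def evaluate(acl, pkt):
    """First matching entry wins; falling off the end is the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

def forward(pkt, in_iface, inbound_acls):
    """Only the ACL bound inbound on the arrival interface is consulted."""
    acl = inbound_acls.get(in_iface)
    return "permit" if acl is None else evaluate(acl, pkt)

def demo():
    ping = {"proto": "icmp", "dst": PUBLIC_IP, "icmp_type": "echo"}
    web = {"proto": "tcp", "dst": PUBLIC_IP}  # constructed non-ICMP traffic
    good = {"fa0/0": [DENY_ECHO, PERMIT_ALL]}
    return {
        # ACL as posted: outside ping is dropped, other traffic passes.
        "outside_ping": forward(ping, "fa0/0", good),
        "outside_web": forward(web, "fa0/0", good),
        # Deny placed after "permit ip any any": the deny is never reached.
        "wrong_order_ping": forward(ping, "fa0/0", {"fa0/0": [PERMIT_ALL, DENY_ECHO]}),
        # No trailing permit: the implicit deny drops everything else.
        "no_permit_web": forward(web, "fa0/0", {"fa0/0": [DENY_ECHO]}),
        # Ping arriving on the inside interface (fa0/1 assumed) bypasses the ACL.
        "inside_ping": forward(ping, "fa0/1", good),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```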

New Member

Block ICMP

Jon,

I did all the commands mentioned above. But I can ping my public IP inside the world. That means I can ping it from inside the network. Also, I have no option to ping the public IP from outside the network.

