Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Gateway Router - Blocking Inbound ICMP

I currently have a Cisco 851 router that I recently bought, and I am trying to block inbound ICMP traffic to my Router/LAN.

I recently added these entries into my inbound ACL:

access-list 101 deny icmp any any echo
access-list 101 deny icmp any any redirect
access-list 101 deny icmp any any mask-request
access-list 101 deny icmp any any fragments

However when I ping my WAN IP remotely, I get:

"Destination network unreachable"

Instead of...

"Request Timed Out..." Like I would usually get on my old WRT54GL that was set to block ICMP.

Is there a way to prevent the "network unreachable" messages from going out?

3 REPLIES
Hall of Fame Super Silver

Re: Gateway Router - Blocking Inbound ICMP

Hello Steven,

on what interface have you applied the ACL and in what direction ?

when you say you ping remotely you mean you are pinging from the internet?

Hope to help

Giuseppe

New Member

Re: Gateway Router - Blocking Inbound ICMP

The 101 ACL is configured for inbound traffic on my FastEthernet4 interface (WAN interface).

Yes I am pinging from the internet side.

My interfaces are as follows:

(VLAN1) [10.10.0.1]

FastEthernet0

FastEthernet1                 <<<< SWITCH PORTS

FastEthernet2

FastEthernet3

FastEthernet4                <<< WAN INTERFACE

fe4 is my outside NAT, and Vlan1 is my inside nat. All my inside hosts share my WAN ip address. Typical router setup for home internet use.

Re: Gateway Router - Blocking Inbound ICMP

Hi,

I'd expect your ACL to block Pings incoming if applied correctly:-(

You might be getting "Network Unreachables" ICMP replies if you were running a trace from another Cisco router - it would be sending UDP instead of ICMP.

Have you tried to configure

no ip unreachables

on your WAN interface?

HTH,

Milan

1728
Views
4
Helpful
3
Replies
CreatePlease login to create content