Not sure how to accomplish this, and I've been beating on it for a few days. My knowledge of IOS is increasing, but still limited in scope, so I'm hopeful someone can help me out.
I've got a Cisco 1811 router with FastEthernet0 plugged into a cable modem with 5 static IPs. I want to disable the ability for those IPs to be pinged externally except for certain addresses that I specify (I have some offsite servers that I use to monitor the ISP link, for example). I also want the ability to be able to ping external addresses from the router as well as any of my inside subnets.
Here are the subnets I use:
I've tried varying ACLs and applied them to Fa0, none of which work.
Here is what is built currently:
sunvalleyedgrtr01#sh access-lists 102
Extended IP access list 102
10 permit icmp 10.0.0.0 0.0.0.255 any echo
20 permit icmp 10.0.0.0 0.0.0.255 any echo-reply
30 permit icmp 10.0.10.0 0.0.0.255 any echo
40 permit icmp 10.0.10.0 0.0.0.255 any echo-reply
50 permit icmp 10.0.20.0 0.0.0.255 any echo
60 permit icmp 10.0.20.0 0.0.0.255 any echo-reply
70 permit icmp 10.0.30.0 0.0.0.255 any echo
80 permit icmp 10.0.30.0 0.0.0.255 any echo-reply
90 deny icmp any any echo (3147 matches)
100 deny icmp any any echo-reply (5 matches)
110 permit ip any any (428006 matches)
And the relevant config for Fa0:
Outgoing access list is 102
Inbound access list is 102
I think I'm on the right path with how to accomplish what I want to do, but it's not working as anticipated and I'm struggling just a bit trying to get there. The example above is disabling the ability to ping anything, externally or from my subnets.
If your cable modem is connected to fa0/0, then that's going to be your outside interface. Where are the 10.x.x.x subnets at in your router? Are they on fa0/0 or fa0/1? Does your router do the natting or cable modem/router? Do you have any other equipment in between you like a firewall, etc? The acl looks fine, I figure it's placed on the incorrect interface. Can you post the interface configs?
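Added example, not part of either post: a small first-match evaluator for the access list 102 shown in the question, run for both directions on Fa0, since the same list is applied inbound and outbound. The host addresses are constructed, the function names are hypothetical, and NAT is not modelled (the source is assumed to reach the ACL as written).

```python
import ipaddress

# ACL 102 as posted. Every entry has destination "any", so only the source
# network and the ICMP type are modelled. Wildcard 0.0.0.255 equals a /24.
INSIDE = ["10.0.0.0/24", "10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24"]
ACL_102 = []
for i, net in enumerate(INSIDE):
    network = ipaddress.ip_network(net)
    ACL_102.append((10 + 20 * i, "permit", network, "echo"))
    ACL_102.append((20 + 20 * i, "permit", network, "echo-reply"))
ACL_102 += [
    (90, "deny", None, "echo"),         # deny icmp any any echo
    (100, "deny", None, "echo-reply"),  # deny icmp any any echo-reply
    (110, "permit", None, None),        # permit ip any any
]

def evaluate(acl, src, icmp_type):
    """Return (sequence, action) of the first entry matching the packet.

    icmp_type is "echo", "echo-reply", or None for non-ICMP traffic.
    Falls through to the implicit deny if nothing matches.
    """
    addr = ipaddress.ip_address(src)
    for seq, action, network, entry_type in acl:
        if network is not None and addr not in network:
            continue
        if entry_type is not None and entry_type != icmp_type:
            continue
        return seq, action
    return None, "deny"

def ping_round_trip(acl, inside_host, outside_host):
    """Echo leaves Fa0 (outbound check); the reply returns (inbound check)."""
    request = evaluate(acl, inside_host, "echo")
    reply = evaluate(acl, outside_host, "echo-reply")
    return request, reply

if __name__ == "__main__":
    # Constructed sample hosts: one inside subnet host, one documentation-range address.
    inside, outside = "10.0.10.25", "203.0.113.7"
    print("ping from inside :", ping_round_trip(ACL_102, inside, outside))
    print("ping from outside:", evaluate(ACL_102, outside, "echo"))
    print("other IP traffic :", evaluate(ACL_102, outside, None))
```

Because entries 10 to 80 match on an inside source address, a reply arriving from an outside host never matches them and falls to entry 100 when the same list is evaluated inbound.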