Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ICMP (ping) deny from outside network to my router. (urgent)

Dear Experts,

I need very urgent , how to block ICMP (ping) from outsid network to my router , cause for the last couple of days some outside network users or compititors constunt watch and ping to my router , so need icmp block from outside network to my router.

but i need we are able to access ping to outside network from my router.

It's very urgent needed, please.

Thanks in ADV,

Vaib...

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: ICMP (ping) deny from outside network to my router. (urgent

Hello Vaibhav,

I would suggest to use CAR for this

A) CAR with ACL to limit ICMP requests

access-list 111 permit icmp any any echo-request

int WAN

rate-limit input access-group 111 80000 10000 20000 conform-action transmit exceed-action drop

this will accept up to 80 kbps of ICMP requests coming from outside, no limitations on icmp replies received from outside no limitations on other traffic.

B)

or you could use an extended ACL but in this case you can only deny all received ICMP requests

access-list 121 deny icmp any any echo-request

access-list 121permit ip any any

int wan

ip access-group 121 in

I have implemented A) CAR some years ago for a customer

Hope to help

Giuseppe

2 REPLIES
Hall of Fame Super Silver

Re: ICMP (ping) deny from outside network to my router. (urgent

Hello Vaibhav,

I would suggest to use CAR for this

A) CAR with ACL to limit ICMP requests

access-list 111 permit icmp any any echo-request

int WAN

rate-limit input access-group 111 80000 10000 20000 conform-action transmit exceed-action drop

this will accept up to 80 kbps of ICMP requests coming from outside, no limitations on icmp replies received from outside no limitations on other traffic.

B)

or you could use an extended ACL but in this case you can only deny all received ICMP requests

access-list 121 deny icmp any any echo-request

access-list 121permit ip any any

int wan

ip access-group 121 in

I have implemented A) CAR some years ago for a customer

Hope to help

Giuseppe

New Member

Re: ICMP (ping) deny from outside network to my router. (urgent

Dear Giuslar,

Thanks a lot , i need block totaly they are not able to ping to my router.

after configued and apply on wan interface then they are not able to ping my router. but should i ping from router to ping any outside network ???

i need it.

access-list 121 deny icmp any any echo-request

access-list 121permit ip any any

int wan

ip access-group 121 in

Thanks once again!!!

Vaib...

244
Views
0
Helpful
2
Replies
CreatePlease login to create content