Problem in Packet tracer: ping in Configure IP ACLs to Mitigate Attack

Joaquin7 · ‎09-04-2025

Hello, nice to meet you. I'm having trouble with the Packet Tracer activity: Configure IP ACLs to Mitigate Attacks. The problem is very silly, but it won't let me move forward: the first step asks me to ping from PC A to PC C. I've done this several times, including Tracerout, and I can't get the program to recognize the ping and be able to continue with the activity. What can I do? Thanks in advance.

Edson A. Hernandez · ‎09-05-2025

Can you share the Packet Tracer activity file (.pka) so I can check it directly? Sometimes the issue is with how the activity is configured, not the ping itself.

Joaquin7 · ‎09-05-2025

Yes, there you go. It's happened to me in some other activities too. No matter how many times I ping, the activity doesn't detect it and I can't move forward. Maybe I'm doing something wrong, but I don't think so. I've done it this way in other activities and it's let me continue. Thank u!!

sidshas03 · ‎09-05-2025

Thank you @Joaquin7 for sharing the activity file. In Packet Tracer activities, the problem usually isn’t that your ping is failing, it’s that the activity file is coded to look for a very specific configuration or command before it gives you the green tick and allows you to move ahead. Even if the devices are able to ping in real, the .pka file will not recognise it unless you have set the ACL in the exact direction, applied it to the correct interface, and used the right source-destination match. For example, if the instruction says “ping from PC-A to PC-C”, it literally expects you to open the command prompt in PC-A and ping PC-C’s IP. If you ping from PC-B or use traceroute first, the activity won’t count it. Same way, if the ACL is placed on the wrong interface or in the wrong direction, the traffic might still pass but the grader will not validate it. So, don’t think your configuration is totally wrong, it’s just that the Packet Tracer activity is very strict in checking only what it is programmed to. Best thing is to re-read the task, apply the ACL exactly as written, and try the ping from the exact device mentioned. Then only it will let you move forward.

Config Lines on Router:

access-list 100 permit icmp host 192.168.1.10 host 192.168.2.10
access-list 100 permit icmp host 192.168.2.10 host 192.168.1.10
!
interface g0/0 ← this is the side facing PC-A
ip access-group 100 in

Joaquin7 · ‎09-05-2025

Thanks for your reply. Sorry if I didn't understand something, but English isn't my native language. According to what you've told me, what I should do is ping directly without doing anything else, but even so, I do that and the activity doesn't recognize it. I must say that I've been able to progress with pinging without any problems in other activities, but I can't here. What is the CLI code you posted below for? Should I put it in R1?

sidshas03 · ‎09-05-2025

Yes, the CLI code I posted is meant to be applied on R1. The idea is that you create an ACL (access list) that permits ICMP (ping) traffic specifically between PC-A and PC-C, and then apply that ACL on the correct interface of R1 in the right direction (usually in on the interface facing PC-A).