Solved: Static Route

Tyron Lee · ‎11-08-2017

Hello all seniors...... I have a question. For eg; I simulate ten router by using a static route in GNS3. I want to have connection all routers and I can ping from a loop of router 1 to loop of the last router. But I want to know, can I block the ping connection from inside router. Means, I used Router R1,R2,R3.....R10. I want to have connection for all router, but for security,I want how I can't ping Router 10 from inside routers except routerR1. Thanks for your answer.... Regards: Tyron Lee

Seb Rupik · ‎11-08-2017

Hi there,

If I've understood your questions, create an ACL which blocks ICMP packets sourced from R1. Apply this ACL inbound on the R2 interface which is connected to R1.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎11-08-2017

Hi there,

If I've understood your questions, create an ACL which blocks ICMP packets sourced from R1. Apply this ACL inbound on the R2 interface which is connected to R1.

cheers,

Seb.

Jon Marshall · ‎11-08-2017

Yes you can do this.

If you simply want to only allow R1 to ping R10 the easiest way is to use an acl on R10 and apply it inbound on the interface that connects to R9.

The format of the acl would be along the lines of -

permit icmp from R1 loopback to R10 loopback
deny icmp from any to R10 loopback
permit ip any any

the last line is only needed if you want to allow other traffic.

The above acl would not stop R2 -> R9 sending an ICMP echo request to R10 but it would stop R10 doing anything with it.

Jon