Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
638
Views
0
Helpful
2
Replies

Why One to One Deny ICMP rule blocking all ICMP traffic for inside host ?

Go to solution
Haider Malik
Level 1
Level 1

‎03-31-2017 04:05 AM - edited ‎03-12-2019 02:09 AM

Hello , I have created one to one deny rule for ICMP just for single inside host to block PING to 8.8.8.8 .

however the rule is blocking all ICMP traffic for this inside host .

I cant ping to any outside from this host 

Can you please explain what is wrong in this rule ? 

I have attached the screen shot . 

Labels:
Preview file
204 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-31-2017 07:11 AM

Once you add an ACL to an interface, you are also adding an implicit "deny any-any".

You need to add a "permit any-any" after the first ACL entry to override that behavior.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-31-2017 07:11 AM

Once you add an ACL to an interface, you are also adding an implicit "deny any-any".

You need to add a "permit any-any" after the first ACL entry to override that behavior.

0 Helpful

Go to solution
Haider Malik
Level 1
Level 1
In response to Marvin Rhoads

‎03-31-2017 07:25 AM

You are always a supper hero here :) . Resolved 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card