hi,

I have difficulty to use access-list to block the VPDN users from trace to virtual interface ip unnumber interface ip.

Every time traceroute to public ip, the virtual ip unumbered ip will revealed. I try using access-list, it can block any access to internal private network, but not the directconnected virtual ip unnumbered.

When vpdn user traceroute , we can see the 10.124.250.221 ip.

How to block this ip from seeing it on traceroute ?

Many thanks

Virtual-Template1

ip unnumbered FastEthernet1/0/1

ip access-group 130 in

ip access-group 131 out

ip verify unicast reverse-path

peer default ip address pool wbbtestpool

ppp authentication chap wbb

ppp authorization wbb

interface FastEthernet1/0/1

ip address 10.124.250.221 255.255.255.224

no ip redirects

no ip proxy-arp

access-list 130 permit ip any host 10.124.250.166

access-list 130 permit ip any host 10.124.250.168

access-list 130 deny icmp any 10.124.250.0 0.0.0.255

access-list 130 deny ip any 10.124.250.0 0.0.0.255

access-list 130 deny ip any 10.124.249.0 0.0.0.255

access-list 130 deny ip any 202.146.80.216 0.0.0.3

access-list 130 deny ip any 10.80.205.0 0.0.0.255

access-list 130 permit ip any any

access-list 131 deny icmp 10.124.250.0 0.0.0.255 202.179.100.0 0.0.0.255 log

access-list 131 deny icmp 10.124.250.0 0.0.0.255 202.179.101.0 0.0.0.255 log

access-list 131 permit ip any any