ACL filtering icmp ECHO-Reply Behavior

Ahmed Mukhtar
Level 1

Hello guys,

I needed some help here. I have attached the topology with this in case you don't get what I am trying to ask.

I have just 2 routers connected directly like this: R1 <------------> R2. The network between them is 10.1.12.0/24, R1 has an IP address of 10.1.12.1 and R2 has an IP address of 10.1.12.2. Well, so far so good.

Now the question is simple: I want to block ICMP echo-replies coming from R1 to R2, simple as that. But it only works if I apply an ACL on R2's interface in the INBOUND direction. Why on earth doesn't it work if I apply the ACL on R1's interface in the OUTBOUND direction???

The ACL is this one:

access-list 100 deny icmp host 10.1.12.1 host 10.1.12.2 echo-reply
access-list 100 permit ip any any

It works if I apply this in the inbound direction of R2, but why doesn't it work if I apply this in the OUTBOUND direction of R1?

Please do help me out, thanks :)

1 Reply

milan.kulik
Level 10

Hi,

 

I believe that's because "Access lists that are applied to interfaces do not filter traffic that originates from that router."

See http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.html#wp1001135 for details.

 

Best regards,

Milan
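A small model of the behaviour Milan describes, added here as an illustration and not code from the thread or from Cisco: it parses the two ACL lines from the question, evaluates them first-match with the implicit deny, and applies the placement rule that an outbound interface ACL in IOS is checked for transit traffic only, so an echo-reply R1 generates itself bypasses R1's outbound ACL but is caught by the same ACL inbound on R2. The class and function names (Packet, AclEntry, reply_reaches_r2 and so on) and the simplified parser that understands only the "host A.B.C.D" and "any" address forms are my assumptions for the example.

```python
"""Model of IOS interface-ACL placement for the R1 <-> R2 scenario in the thread."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "icmp", "tcp", "udp", ...
    icmp_type: Optional[str] = None   # e.g. "echo", "echo-reply"


@dataclass(frozen=True)
class AclEntry:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: str                          # host address or "any"
    dst: str
    icmp_type: Optional[str] = None   # only meaningful when proto == "icmp"


def parse_acl(lines):
    """Parse 'access-list N {permit|deny} <proto> <src> <dst> [icmp-type]'.
    Only the 'host A.B.C.D' and 'any' address forms are modelled (assumption)."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[0] != "access-list":
            raise ValueError(f"not an ACL line: {line!r}")
        action, proto, rest = tok[2], tok[3], tok[4:]
        addrs = []
        while len(addrs) < 2:
            if rest[0] == "any":
                addrs.append("any")
                rest = rest[1:]
            elif rest[0] == "host":
                addrs.append(rest[1])
                rest = rest[2:]
            else:
                raise ValueError(f"unsupported address form in {line!r}")
        icmp_type = rest[0] if rest else None
        entries.append(AclEntry(action, proto, addrs[0], addrs[1], icmp_type))
    return entries


def acl_permits(entries, pkt):
    """First matching entry decides; no match means the implicit deny."""
    for e in entries:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if e.src != "any" and e.src != pkt.src:
            continue
        if e.dst != "any" and e.dst != pkt.dst:
            continue
        if e.icmp_type is not None and e.icmp_type != pkt.icmp_type:
            continue
        return e.action == "permit"
    return False


def outbound_check(pkt, out_acl, locally_originated):
    """Outbound interface ACLs filter transit traffic only: packets the
    router generates itself (such as its own echo-replies) skip the ACL."""
    if locally_originated:
        return True
    return acl_permits(out_acl, pkt)


def inbound_check(pkt, in_acl):
    """Inbound interface ACLs see every packet arriving on the interface."""
    return acl_permits(in_acl, pkt)


# The two lines from the question, unchanged.
ACL_100 = parse_acl([
    "access-list 100 deny icmp host 10.1.12.1 host 10.1.12.2 echo-reply",
    "access-list 100 permit ip any any",
])

R1, R2 = "10.1.12.1", "10.1.12.2"


def reply_reaches_r2(placement):
    """R2 pings R1; return whether R1's echo-reply gets back to R2.
    placement is 'r1-out' (ACL outbound on R1) or 'r2-in' (ACL inbound on R2)."""
    reply = Packet(R1, R2, "icmp", "echo-reply")
    if placement == "r1-out":
        # R1 originates the reply itself, so its own outbound ACL is bypassed.
        return outbound_check(reply, ACL_100, locally_originated=True)
    if placement == "r2-in":
        # The reply is an arriving packet on R2, so the inbound ACL applies.
        return inbound_check(reply, ACL_100)
    raise ValueError(placement)


if __name__ == "__main__":
    for placement in ("r1-out", "r2-in"):
        state = "reply delivered" if reply_reaches_r2(placement) else "reply dropped"
        print(f"{placement}: {state}")
```

The ACL itself is not at fault: `acl_permits` denies the echo-reply whenever it is actually consulted, and the same entries would drop such a reply if it were transit traffic leaving R1. The difference is purely where the check happens, which is why filtering router-originated traffic has to be done on the receiving side, as the inbound ACL on R2 in the question already does.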