Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18769
Views
0
Helpful
3
Replies

Block ICMP

Go to solution
soorajn2011
Level 1
Level 1

‎12-26-2013 05:14 AM - edited ‎03-04-2019 09:56 PM

Hello all,

I have a cisco 2621 router. I just need to block ICMP echo. Actually I have Fa0/0 port configured with Public IP. Peoples can ping the public IP from outside world. I just want to block that. Please let me know the commands.

Thanks

Sooraj N

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to soorajn2011

‎12-27-2013 03:38 AM

Sooraj

The access list i supplied will not stop ping from the inside network only the outside which is what you requested. If you want to stop ping to your public IP from the inside you need to apply an acl on the inside interface of your router.

If you want to test from outside and you have internet access go to this page and try a ping from there -

http://ping.eu/ping/

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-26-2013 05:24 AM

Sooraj

access-list 101 deny icmp any host echo

access-list 101 permit ip any any

int fa0/0

ip access-group 101 in

Note i have included a "permit ip any any" because there is an implicit deny at the end of any acl. You may already have an acl on the fa0/0 interface so you may need to add the icmp line to that. If you dohave an acl and it has a "permit ip any any" in it already make sure the icmp line goes before that.

Jon

0 Helpful

Go to solution
soorajn2011
Level 1
Level 1
In response to Jon Marshall

‎12-26-2013 09:51 PM

Jon,

I did all the commands mentioned above. But I can ping my public IP inside the world. Means I can ping it from inside the network. Also I have no options to ping public Ip from outside the network.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to soorajn2011

‎12-27-2013 03:38 AM

Sooraj

The access list i supplied will not stop ping from the inside network only the outside which is what you requested. If you want to stop ping to your public IP from the inside you need to apply an acl on the inside interface of your router.

If you want to test from outside and you have internet access go to this page and try a ping from there -

http://ping.eu/ping/

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card