05-13-2022 04:35 AM
Hello all
I have an internet router in my topology. It is the first one facing the internet and has an interface connected to the ISP router. I want to hide my interface IP from traceroute on the internet. My access-list looks OK; it prevents icmp-echo, but ping requests still reach my interface. I drop them, but I still answer with "ICMP type time-to-live-exceeded". I do not want to answer anything. Here is my access-list (it is in the inbound direction):
access-list 150 deny icmp any any unreachable
access-list 150 deny icmp any any ttl-exceeded
access-list 150 deny icmp any any echo
access-list 150 deny icmp any any time-exceeded
access-list 150 deny icmp any any echo-reply
access-list 150 deny udp any any eq echo
access-list 150 deny udp any eq echo any
access-list 150 permit ip any any
Thank you
05-13-2022 05:03 AM
Did you try to apply the same ACL in outbound direction?
05-13-2022 05:15 AM
Same ACL?
05-13-2022 05:25 AM
It works, man.
Yeah, I tried that before but created a new ACL. Now I applied the same one and it worked.
05-13-2022 05:18 AM
What is the device here, and what code is it running?
Can you post example output for us to understand the issue?
When you are doing the traceroute, have you used as the source the interface where this ACL is applied?
Here is my access-list ( it is inbound direction )
Where are the source IP and destination IP?