Solved: hide traceroute

soztekin@hotmail.com · ‎05-13-2022

Hello all

İ have internet router in my topology . it is first face of internet, has interface connected to ISP router. İ want to hide my interface IP traceroute among internet . My access-list looks ok, it prevents icmp-echo but still ping request reach to my interface , i drop them but i still answer as "ICMP type time-to-live-exceeded" . i do not want to answer anything. Here is my access-list ( it is inbound direction )

access-list 150 deny icmp any any unreachable
access-list 150 deny icmp any any ttl-exceeded
access-list 150 deny icmp any any echo
access-list 150 deny icmp any any time-exceeded
access-list 150 deny icmp any any echo-reply
access-list 150 deny udp any any eq echo
access-list 150 deny udp any eq echo any
access-list 150 permit ip any any

Thank you

Flavio Miranda · ‎05-13-2022

Did you try to apply the same ACL in outbound direction?

View solution in original post

Flavio Miranda · ‎05-13-2022

Did you try to apply the same ACL in outbound direction?

soztekin@hotmail.com · ‎05-13-2022

same acl ?

soztekin@hotmail.com · ‎05-13-2022

it works man

yeah i tried that before but created a new acl . now applied same and worked.

balaji.bandi · ‎05-13-2022

what is the device here, what code running ?

can you post example output for us to understand the issue ?

When you doing tranceroute, have you used source as that interface where this ACL applied ?

 Here is my access-list ( it is inbound direction )

where is the source IP and destination IP ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help