Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3036
Views
0
Helpful
6
Replies

ICMP ACL......please advise......

Go to solution
DAVID RICHWALSKI
Level 1
Level 1

‎10-31-2016 07:02 PM - edited ‎03-07-2019 12:20 AM

Here is the ICMP ACL.....I thought i was supposed to have according the reading I did........but I am seeking advice....

I cannot ping my inside Cisco Router.......from the internet....I think I may have gone overboard here??

access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 deny   icmp any any log

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to DAVID RICHWALSKI

‎11-01-2016 05:01 AM

Hello,

you forgot one line:

access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any echo


access-list 101 deny   icmp any any log

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Iulian Vaideanu
Level 4
Level 4

‎11-01-2016 12:48 AM

How is the ACL used?  I mean, on which interface it's applied (what the interface is for) and on which direction (input or output)...

0 Helpful

Go to solution
DAVID RICHWALSKI
Level 1
Level 1
In response to Iulian Vaideanu

‎11-01-2016 04:31 AM

Hi.....

This ACL is on my "outside interface-Internet".......

I was just trying to prevent any type of "flood" attacks......

I can ping out just fine....

But i cannot ping in.....

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to DAVID RICHWALSKI

‎11-01-2016 05:01 AM

Hello,

you forgot one line:

access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any echo


access-list 101 deny   icmp any any log

0 Helpful

Go to solution
DAVID RICHWALSKI
Level 1
Level 1
In response to Georg Pauwen

‎11-01-2016 08:53 AM

Thank You very much

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to DAVID RICHWALSKI

‎11-01-2016 12:10 PM

And now that the problem is resolved, you want to remove the "source-quench" line ... ;-)

0 Helpful

Go to solution
Amos Kafwembe
Level 1
Level 1

‎11-01-2016 01:41 AM

what exactly are you trying to achieve?

0 Helpful
Customers Also Viewed These Support Documents