10-31-2016 07:02 PM - edited 03-07-2019 12:20 AM
Here is the ICMP ACL.....I thought I was supposed to have according to the reading I did........but I am seeking advice....
I cannot ping my inside Cisco Router.......from the internet....I think I may have gone overboard here??
access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 deny icmp any any log
11-01-2016 05:01 AM
Hello,
you forgot one line:
access-list 101 remark ---ICMP---
access-list 101 permit icmp any any parameter-problem
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any echo
access-list 101 deny icmp any any log
11-01-2016 12:10 PM
And now that the problem is resolved, you want to remove the "source-quench" line ... ;-)
11-01-2016 12:48 AM
How is the ACL used? I mean, on which interface it's applied (what the interface is for) and on which direction (input or output)...
11-01-2016 04:31 AM
Hi.....
This ACL is on my "outside interface-Internet".......
I was just trying to prevent any type of "flood" attacks......
I can ping out just fine....
But I cannot ping in.....
11-01-2016 08:53 AM
Thank You very much
11-01-2016 01:41 AM
what exactly are you trying to achieve?