ACL ICMP - block IN allow OUT
04-10-2020 08:57 AM
Hello,
I have a simple question about my ACL.
The problem is that if I block all incoming ICMP, I can't ping from the server.
- permit icmp host <public-ip> any --->>> does not work
interface Vlan100
 description <description>
 ip address <public-ip>
 ip access-group <acl> out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
end

ip access-list extended <acl>
 permit tcp any any established
 permit icmp host <public-ip> any
 permit tcp any host <public-ip> eq ftp
 permit tcp any host <public-ip> eq ftp-data
 permit tcp any host <public-ip> eq www
 permit tcp any host <public-ip> eq 443
 permit tcp any host <public-ip> eq 8080
 permit tcp any host <public-ip> eq 9090
 permit ip host <my-home-ip> host <public-ip>
 permit icmp host <monitoring-ip> host <public-ip>
Best Regards
Labels: Catalyst 6000
04-10-2020 10:24 AM
Hi,
What is the inbound access list for blocking inbound traffic? So, inbound should block ICMP traffic from outside and outbound access list should block or allow traffic from inside to outside. Can you post "sh run"?
HTH
04-10-2020 11:21 AM
Hi,
The "WAN" Vlan interface doesn't have an ACL.
Inbound filtering is not the problem. Ping from a machine to 1.1.1.1 doesn't work without permit icmp any any.
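Why the posted entry never matches, as an added example that is not part of the thread: an ACL applied `out` on Vlan100 filters packets routed toward the server, so the reply to the server's ping arrives with the remote host as source and the server as destination. The Python model below is a simplified first-match evaluator; the addresses are constructed stand-ins for the redacted placeholders, and the `echo-reply` entry is an assumed narrowing of `permit icmp any any`, not something proposed in the thread.

```python
from dataclasses import dataclass

# Constructed stand-ins for the thread's redacted placeholders.
SERVER, HOME, MONITOR = "203.0.113.10", "198.51.100.20", "198.51.100.7"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    icmp_type: str = ""        # "echo" or "echo-reply" for ICMP
    established: bool = False  # TCP segment with ACK or RST set

@dataclass(frozen=True)
class Permit:
    proto: str
    src: str                   # "any" or a single host address
    dst: str
    icmp_type: str = ""        # empty matches every ICMP type
    established: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and (not self.icmp_type or self.icmp_type == p.icmp_type)
                and (not self.established or p.established))

def evaluate(acl, pkt) -> str:
    """Every entry is a permit, so any match permits; no match hits the implicit deny."""
    return "permit" if any(ace.matches(pkt) for ace in acl) else "deny"

# The posted ACL, minus the TCP port entries (they cannot match ICMP).
POSTED = [
    Permit("tcp", "any", "any", established=True),
    Permit("icmp", SERVER, "any"),   # source = server: never true for traffic sent TO it
    Permit("ip", HOME, SERVER),
    Permit("icmp", MONITOR, SERVER),
]
# Assumed narrowing: permit icmp any host <public-ip> echo-reply
NARROWED = POSTED + [Permit("icmp", "any", SERVER, icmp_type="echo-reply")]

# Packets as the outbound ACL on Vlan100 sees them (routed toward the server).
REPLY = Packet("icmp", "1.1.1.1", SERVER, "echo-reply")  # answer to the server's ping
PROBE = Packet("icmp", "192.0.2.99", SERVER, "echo")     # unsolicited ping from outside

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("narrowed", NARROWED)):
        print(name, "reply:", evaluate(acl, REPLY), "probe:", evaluate(acl, PROBE))
```

Because the ACL is stateless, the `echo-reply` entry also admits replies the server never asked for, but echo requests from arbitrary outside hosts stay blocked.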
