01-30-2018 12:48 AM - edited 03-08-2019 01:37 PM
Hi all,
I thought this would be a simple question to answer, but I can't seem to find the cause. I've got a standard ACL on an interface on a router to block a network of 10.10.10.0 from accessing a server on a different subnet of 172.16.0.0, so I've simply added a standard ACL as:
access-list 10 deny 10.0.0.0 0.255.255.255 (this is the correct netmask), and although I can now NOT access the server via any services such as WEB/FTP etc., I can still ping it and get a reply. This isn't a major issue, but I thought that ICMP was part of the IP suite, in which case this entry "should" block ALL traffic, including echoes? There is a permit entry after this for another subnet on 192.168.0.0 0.255.255.255 and this CAN access everything, so I'm not sure why it still allows ping responses?
Is it something simple I'm missing?
Thanks
01-30-2018 01:02 AM
Hi,
If you applied it in the correct direction with the correct subnet details, then it should work. Please share the running configuration.
Regards,
Deepak Kumar
01-30-2018 01:41 AM
You just need to change the direction of the ACL; the standard ACL is right.
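Added example, not part of any post in this thread: a small Python model of how a standard ACL like the one in the question is evaluated (source address only, first match wins, implicit deny at the end) and of why the interface and direction it is bound to decide which packets are checked at all. The interface names `lan` and `srv` and the host addresses are constructed for illustration.

```python
import ipaddress

# The two entries described in the question, in order.
ACL_10 = [
    ("deny",   "10.0.0.0",    "0.255.255.255"),
    ("permit", "192.168.0.0", "0.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; all other bits must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src):
    """Standard ACL: only the source address is compared, first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny when no entry matches

def forward(packet, acl, iface, direction):
    """Apply the ACL only if the packet crosses `iface` in `direction`."""
    crossed = packet["in"] if direction == "in" else packet["out"]
    if crossed != iface:
        return "permit"  # ACL is never consulted for this packet
    return evaluate(acl, packet["src"])

# Constructed packets: the client is behind 'lan', the server behind 'srv'.
ECHO = {"src": "10.10.10.5", "proto": "icmp", "in": "lan", "out": "srv"}
HTTP = {"src": "10.10.10.5", "proto": "tcp",  "in": "lan", "out": "srv"}

if __name__ == "__main__":
    for name, pkt in (("icmp echo", ECHO), ("tcp/80", HTTP)):
        for direction in ("in", "out"):
            verdict = forward(pkt, ACL_10, "lan", direction)
            print(f"{name:9} ACL 10 {direction:3} on lan -> {verdict}")
```

The protocol field is never read, so a standard ACL cannot treat ICMP differently from TCP: for a given source, interface and direction, both get the same verdict.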