cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
729
Views
0
Helpful
2
Replies

ACL not blocking ICMP

wilson419
Level 1
Level 1

Hi all,

 

I thought this would be a simple question to answer but i can't seem to find the cause but i've got a standard ACL on an interface on a router to block a network of 10.10.10.0 from accessing a server on a different subnet of 172.16.0.0 so i've simply added a standard ACL as:

access-list 10 deny 10.0.0.0 0.255.255.255 (this is the correct netmask) and although i can now NOT access the server via any services such as WEB/FTP etc i can still ping it and get a reply. This isn't a major issue but i thought that ICMP was part of the IP suite in which case this entry "should"block ALL traffic including echos ?   There is a permit entry after this for another subnet on 192.168.0.0 0.255.255.255 and this CAN access everything so i'm not sure why it still allows ping responses ?

Is it something simple i'm missing ?

Thanks

1 Accepted Solution

Accepted Solutions

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

If you applied in the correct direction with correct subnet details then it should be work. Please share the running configuration. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

2 Replies 2

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

If you applied in the correct direction with correct subnet details then it should be work. Please share the running configuration. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

lucaslara
Level 1
Level 1

You need just change the direction of the acl, the acl standard is right.

 

 

Review Cisco Networking for a $25 gift card