Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
765
Views
9
Helpful
8
Replies

how to communicate 1 way?

Go to solution
abellanosachristian
Level 1
Level 1

‎09-15-2015 11:06 AM - edited ‎03-08-2019 01:47 AM

my title may be confusing because I don't even know what it is called by i will try my best to explain the scenario.

 

 

I have Two PCs. Between them may be routers and switches. I want PCA to ping PCB successfully but PCB can't ping PCA. How am I able to do this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to abellanosachristian

‎09-20-2015 09:45 AM

The suggestion was to use an acl that only allowed ICMP echo-reply from PC B to PC A and then apply that to the L3 interface acting as the default gateway for PCB.

Jon

View solution in original post

0 Helpful
8 Replies 8

Go to solution
mdiciero1
Level 1
Level 1

‎09-15-2015 12:10 PM

Use access lists

 

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 

Go to solution
abellanosachristian
Level 1
Level 1
In response to mdiciero1

‎09-16-2015 02:53 PM

I have tried ACL but they cause all PCs not to ping each other. 

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to abellanosachristian

‎09-16-2015 06:40 PM

You'll need to use reflexive acls for this. PCA will be allowed out, but PCB will not be allowed in unless a session was started from PCA (reply traffic). Take a look here:

http://packetlife.net/blog/2008/nov/25/reflexive-access-lists/

You should also be able to use CBAC as well...

HTH,

John

** Please rate all helpful posts **

HTH, John *** Please rate all useful posts ***

Go to solution
abellanosachristian
Level 1
Level 1
In response to John Blakley

‎09-17-2015 12:50 PM

I may be a total noob but i don't find reflect as an option on permit ip any any. the following are the only options i could use, dscp and precedence.

I am using packet tracer 6.2 and I also tried different routers.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to abellanosachristian

‎09-18-2015 05:52 PM

I'm not sure about packet tracer. Basically, you create 2 ACLs:

ip access-list ext Outside_In 

evaluate Outside_Usage

deny ip any any

 

ip access-list ext Inside_Out

permit ip any any reflect Outside_Usage

 

int fa0/0 (Outside Interface)

ip access-group Inside_Out out

ip access-group Outside_In in

 

HTH,

John

HTH, John *** Please rate all useful posts ***

Go to solution
abellanosachristian
Level 1
Level 1
In response to John Blakley

‎09-20-2015 05:16 AM

I tried to do that but whenever i enter "evaluate Outside_Usage" it says invalid input detected right at evaluate. Basically my router on packet tracer doesnt have evaluate command nor reflect.

 

Preview file
10 KB
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to abellanosachristian

‎09-20-2015 09:45 AM

The suggestion was to use an acl that only allowed ICMP echo-reply from PC B to PC A and then apply that to the L3 interface acting as the default gateway for PCB.

Jon

0 Helpful

Go to solution
abellanosachristian
Level 1
Level 1
In response to Jon Marshall

‎09-20-2015 09:45 AM

im not able to read your reply here but i can read it on my gmail. Nonetheless, you answer was spot on thank you very much you helped me alot.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card