09-15-2015 11:06 AM - edited 03-08-2019 01:47 AM
my title may be confusing because I don't even know what it is called by i will try my best to explain the scenario.
I have Two PCs. Between them may be routers and switches. I want PCA to ping PCB successfully but PCB can't ping PCA. How am I able to do this?
Solved! Go to Solution.
09-20-2015 09:45 AM
The suggestion was to use an acl that only allowed ICMP echo-reply from PC B to PC A and then apply that to the L3 interface acting as the default gateway for PCB.
Jon
09-15-2015 12:10 PM
Use access lists
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
09-16-2015 02:53 PM
I have tried ACL but they cause all PCs not to ping each other.
09-16-2015 06:40 PM
You'll need to use reflexive acls for this. PCA will be allowed out, but PCB will not be allowed in unless a session was started from PCA (reply traffic). Take a look here:
http://packetlife.net/blog/2008/nov/25/reflexive-access-lists/
You should also be able to use CBAC as well...
HTH,
John
** Please rate all helpful posts **
09-17-2015 12:50 PM
I may be a total noob but i don't find reflect as an option on permit ip any any. the following are the only options i could use, dscp and precedence.
I am using packet tracer 6.2 and I also tried different routers.
09-18-2015 05:52 PM
I'm not sure about packet tracer. Basically, you create 2 ACLs:
ip access-list ext Outside_In
evaluate Outside_Usage
deny ip any any
ip access-list ext Inside_Out
permit ip any any reflect Outside_Usage
int fa0/0 (Outside Interface)
ip access-group Inside_Out out
ip access-group Outside_In in
HTH,
John
09-20-2015 05:16 AM
09-20-2015 09:45 AM
The suggestion was to use an acl that only allowed ICMP echo-reply from PC B to PC A and then apply that to the L3 interface acting as the default gateway for PCB.
Jon
09-20-2015 09:45 AM
im not able to read your reply here but i can read it on my gmail. Nonetheless, you answer was spot on thank you very much you helped me alot.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide