RE: Access List ping

Fri, 21 Jul 2000 22:12:34 -0700 

extended ip access-list

!permit outgoing 'ping' from 10.0.0.0 network
access-list 101 permit icmp 10.0.0.0 0.255.255.255 any echo
access-list 101 deny icmp any any

!permit returning 'ping' from 10.0.0.0 network
access-list 102 permit icmp any 10.0.0.0 0.255.255.255 echo-reply
access-list 102 deny icmp any any

This will only allow icmp type "echo" from the internal LAN out.. and the
reply back.  All other ICMPs (administratively-forbidden, TTL-expired, etc)
will be denied.

Another (and in most cases better) way, only limiting incoming ping would be
:

!deny world from sending incoming ping
access-list 103 deny icmp any any echo
!permit everything else
access-list 103 permit icmp any any
access-list 103 permit ip any any

put this inbound on your internet connection, is best placement for it.
This list will ONLY stop incoming "ping" requests from going through to the
LAN.

Regards,
  Trevor Corness, CCNA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
SH Wesson
Sent: Friday, July 21, 2000 8:33 PM
To: [EMAIL PROTECTED]
Subject: Access List ping


I want to create an access list such that a user can ping out and get a
response, but at the same time to be able to not have anyone to ping in.  I
tried an access list denying icmp for IN on that interface, but that totally
stops the pings from going out or in.  Any assistance on how I can get this
accomplish would be greatly appreciated.  Thankx.
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to