the secret here is an extended access-list
allowing the echo-reply into the interface
but denying the ech itself. The access-list
below is placed on the inbound of the interface
access-list 100 deny icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit ip any any
Hope this helps
>From: "SH Wesson" <[EMAIL PROTECTED]>
>Reply-To: "SH Wesson" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Access List ping
>Date: Sat, 22 Jul 2000 03:33:03 GMT
>
>I want to create an access list such that a user can ping out and get a
>response, but at the same time to be able to not have anyone to ping in. I
>tried an access list denying icmp for IN on that interface, but that
>totally
>stops the pings from going out or in. Any assistance on how I can get this
>accomplish would be greatly appreciated. Thankx.
>________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]