Priscilla please forgive me for my lack of vocabulary in this issue. But yes I am try to make the router silent.
Inter e0/0 (Outside) 192.168.1.20/24 Inter ee0/1 (Inside) 192.168.10.0/24 Ping from outside to (192.168.10.0/24) produces from e0/0(reply from 192.168.1.20 packet filtered). This gives away my outside interface. Could you please direct me to some useful sites that explain how I can make my router silent? I have been goofing around with this ACL for three days know. Which service ports should I filter? Regards Eric Thank you for you information.... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 9:09 AM To: [EMAIL PROTECTED] Subject: RE: Ping Reply (Packet Filtered) [7:74365] Eric W wrote: > > All I am still fairly new with ACL's. However I m interested in > blocking ICMP to my network behind router A (Interface e0/1 = my > network). But when a icmp request is issued from the outside > the router > replys with packet filtered from (interface e0/0 = outside > network) ACL > is applied on in coming traffic though e0/0. You need to find out exactly what the router is really sending. There's no such packet as "packet filtered." However, there is an ICMP message "packet administratively prohibited" that routers and other devices can send. It's ICMP type 3, code 13. You could filter that with an ACL. That would be outbound on the e0/0 outside interface. You could also block all ICMP. Security policy often states that routers and firewalls should silently discard blocked packets. But making them be silent can be difficult. What do others of you do? Priscilla > > > > How do I get the router stop replying to the outside world > (packet > filtered). > > > > Regards, > > > > Eric Washington **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74371&t=74365 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
