Priscilla Oppenheimer wrote:
>
> Eric W wrote:
> >
> > Priscilla, please forgive me for my lack of vocabulary in this
> > issue.
> > But yes, I am trying to make the router silent.
> >
> > Inter e0/0 (Outside) 192.168.1.20/24
> > Inter e0/1 (Inside) 192.168.10.0/24
> >
> > Ping from outside to (192.168.10.0/24) produces from e0/0 (reply
> > from 192.168.1.20 packet filtered). This gives away my outside
> > interface.
> > Could you please direct me to some useful sites that explain how I
> > can make my router silent? I have been goofing around with this
> > ACL for three days now.
> >
> > Which service ports should I filter?
>
> You need to find out what the router is really sending as an
> "error message" when the ping comes through, but as I said
> before, it's probably this:
>
> ICMP Destination Unreachable, Packet Administratively
> Prohibited.
>
> Using the question mark on your Cisco router (or by reading the
> documentation), you can see how to filter this. It's an ICMP
> message using the IP protocol. It's UDP or TCP service ports.

Sorry. That was supposed to say "it's NOT UDP or TCP." My pesky husband is bugging me as I'm writing this. :-)

> Cisco lets you filter by ICMP message type by using numbers or
> by using keywords. You're looking for something that looks like
> those words above.
>
> Priscilla
>
> >
> > Regards
> > Eric
> >
> > Thank you for your information....
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 26, 2003 9:09 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Ping Reply (Packet Filtered) [7:74365]
> >
> > Eric W wrote:
> > >
> > > All, I am still fairly new with ACLs. However, I'm interested in
> > > blocking ICMP to my network behind router A (Interface e0/1 = my
> > > network). But when an ICMP request is issued from the outside,
> > > the router replies with packet filtered from (interface e0/0 =
> > > outside network). ACL is applied on incoming traffic through e0/0.
> >
> > You need to find out exactly what the router is really sending.
> > There's no such packet as "packet filtered." However, there is an
> > ICMP message "packet administratively prohibited" that routers and
> > other devices can send. It's ICMP type 3, code 13. You could filter
> > that with an ACL. That would be outbound on the e0/0 outside
> > interface.
> >
> > You could also block all ICMP.
> >
> > Security policy often states that routers and firewalls should
> > silently discard blocked packets. But making them be silent can be
> > difficult.
> >
> > What do others of you do?
> >
> > Priscilla
> >
> > >
> > > How do I get the router to stop replying to the outside world
> > > (packet filtered).
> > >
> > > Regards,
> > >
> > > Eric Washington
> > **Please support GroupStudy by purchasing from the GroupStudy
> > Store:
> > http://shop.groupstudy.com
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74380&t=74365
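
Added example (not part of the original thread): a small Python decoder for a captured reply, to confirm what the router is really sending, as the thread advises. It reports whether the packet is ICMP type 3, code 13 and which address it exposes. Only 192.168.1.20 comes from the thread; the pinging host 192.168.1.50 and the inside target 192.168.10.5 are constructed sample values.

```python
import socket
import struct

DEST_UNREACHABLE = 3    # ICMP type 3
ADMIN_PROHIBITED = 13   # code 13: communication administratively prohibited


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for constructed sample data (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def classify(packet):
    """Describe an ICMP Destination Unreachable packet, or return None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # outer IP header length in bytes
    if packet[9] != 1 or len(packet) < ihl + 8:   # IP protocol 1 = ICMP
        return None
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type != DEST_UNREACHABLE:
        return None
    result = {
        "sender": socket.inet_ntoa(packet[12:16]),   # address the error reveals
        "code": icmp_code,
        "admin_prohibited": icmp_code == ADMIN_PROHIBITED,
        "original_dst": None,
    }
    inner = packet[ihl + 8:]    # the error quotes the blocked packet's IP header
    if len(inner) >= 20:
        result["original_dst"] = socket.inet_ntoa(inner[16:20])
    return result


def sample_reply():
    """Constructed capture: the router answers a blocked ping with type 3, code 13."""
    echo = bytes([8, 0, 0, 0, 0, 1, 0, 1])        # first 8 bytes of the echo request
    inner = ipv4_header("192.168.1.50", "192.168.10.5", 1, len(echo)) + echo
    icmp = struct.pack("!BBHI", DEST_UNREACHABLE, ADMIN_PROHIBITED, 0, 0) + inner
    return ipv4_header("192.168.1.20", "192.168.1.50", 1, len(icmp)) + icmp


if __name__ == "__main__":
    print(classify(sample_reply()))
```

Feed `classify` the raw IP packet bytes from a capture taken on the outside segment; once the router is silent, a blocked ping should produce no packet for which it returns a result.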

