It would seem that you want to apply the access-list to the interface that
connects to the Internet. I assume that is the Serial interface.
You want to block ICMP echoes incoming. (Someone pinging you.)
You want to allow ICMP echo replies incoming. (Replies from others to pings
sent by you.)
Your example allows telnet from the Firewall to the router. However it does
not block telnet from the Internet to any other box other than the router.
Hopefully the Firewall provides that protection. Alternately, you could just
block all telnet at the serial interface.
> -----Original Message-----
> From: David Gollop [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 24, 2001 11:09 AM
> To: [EMAIL PROTECTED]
> Subject: how to implement access-list in the way [7:1730]
>
>
> Hi.. I have a internet gateway router with ethernet ip
> 200.100.100.101/24
> and serial ip unumbered and I have a firewall ip 200.100.100.100/24.
>
> I want people from internet cannot ping and telnet to my
> router via its
> ethernet IP, so I implement vty access-list as shown below to
> allow my
> firewall to telnet to it but it still cannot prevent people
> from internet to
> ping my ethernet ip
>
> ccess-list 2 permit 200.100.100.100
>
> line vty 0 4
> access-class 2 in
>
> What access-list can be implement to prevent other from
> internet to ping the
> ethernet ip but still allow LAN user to ping to internet via
> the internet
> router? waht is the syntax like ?
>
>
>
>
>
> ______________________________________________________________
> ___________
> Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com.
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1733&t=1730
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
