Hello colleagues,
I am trying to block all IP traffic from host A to host B except for ICMP
echo replies. This is the access list I hve configured:
access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo log
access-list 100 permit icmp host 171.21.10.2 host 171.21.50.2 echo-reply log
access-list 100 deny ip host 171.21.10.2 host 171.21.50.2
I then apply this access list as inbound to Ethernet0:
Ethernet0
ip address 171.21.50.1
ip access-group 100 in
However, when I try to ping 171.21.50.2 from 171.21.10.2, I get a no reply,
and the access list logs matches under the deny entry. I wonder if I am
missing something or might have the syntax wrong. Do you have any ideas ?
Thanks in advance for your help.
Regards,
Hans
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4321&t=4321
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]