Stephane, How are you applying this? It should be coming and not going out. ex. ip access-group 101 in
Thanks, Robert Raver ----- Original Message ----- From: "Stephane Litkowski" To: Sent: Tuesday, November 05, 2002 11:21 AM Subject: Traceroute blocking on CISCO router [7:56924] > Hi all, > > how can I prevent a cisco router to respond to a traceroute (ICMP or UDP) ? > I tried to apply an access-list out to prevent ICMP to be generated by the > router, but it doesn't seem to block anything ! Maybe access-lists cannot > block local traffic ... > > access-list 101 deny icmp any any log > access-list 101 permit ip any any > > I see the packet log by the ACL, but it is still transmitted (because local > ?) > > 00:24:13: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.3 -> > 192.168.1.2(0/0), 1 packet > 00:24:13: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len 56, > sending > 00:24:13: ICMP type=11, code=0 > > Thanks for help > > Stephane Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56932&t=56924 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
