Cisco 2811 ACL problem!

rinoel · 07-26-2009

Hi there, I have a problem to configure the right way an ACL to block incoming ping from other lan to a specific pc to my lan.

I have a 2811 router, I have done succesfully to block the ping's coming from outside, but it block's all pc-s on my lan from ping's, I need it to apply only to one (specific) pc the incoming ping's, how can I achieve that ???

adeelasher · 07-26-2009

first permit icmp to that specific ip address
then deny all icmp
and then permit ip any any
if u need further details plz let me know...

rinoel · 07-26-2009

This is my current config:

My internal interface 192.168.1.254 has three pc's
- 192.168.1.1
- 192.168.1.2 and
- 192.168.1.3

The external interface is 192.168.100.254...

I have done that what adeelasher said, but it block's again the whole three pc's from pinging from outside...

Can you explain me in details how to achieve that, I have tried a lot of things but can't achieve to block the ping's to only one pc, instead it block's all of them from ping-ing

adeelasher · 07-27-2009

where r u applying that access list i mean which interface and what direction...

adeelasher · 07-27-2009

Below is the sample config for you i hope it would be helpful...just let me know if there is any issue.. i guess the problem is which direction you are applying that ACL.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
!
!
!
interface FastEthernet0/0 (inside)
ip address 192.168.1.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0 (outside)
ip address 192.168.100.254 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
!
!
access-list 101 permit icmp any host 192.168.1.2 (to allow access to single ip address from outside)
access-list 101 deny icmp any any (to deny all icmp from outside to inside)
access-list 101 permit ip any any (to allow all other traffice)
!
!
!
control-plane
!

rinoel · 07-27-2009

Hi adeelasher, can I pls have ur msn add or other contact address ??

rinoel · 07-27-2009

I got it working, everything's fine right now, thnx a lot man...

adeelasher · 08-24-2009

Quote:

Originally Posted by rinoel

Hi adeelasher, can I pls have ur msn add or other contact address ??

yes its ccie1 @ live . com

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Dhcp Relay Agent And Acl On Sw 3750, DHCP Relay Agent and ACL on Sw 3750	Vimokh	Cisco	3	09-06-2006 02:16 AM
Vwic 2mft t1 card for cisco 2811- config	bhamoo@gmail.com	Cisco	0	12-18-2004 05:30 PM
Network Setup- Cisco 2811 and ISA server	kalaitzidis@gmail.com	Cisco	5	12-11-2004 03:02 AM
Cisco VPN Client 4.6.00.0049 to Cisco router 12.3.8T5, ACL's ?	Ronald de Leeuw	Cisco	1	11-25-2004 10:18 PM
PIX - Can extended ACL's be used as crypto ACL's on a PIX	Shad T	Cisco	0	06-29-2004 06:27 PM