permit only outbound icmp requests and inbound replies, deny other

Discussion in 'Cisco' started by Mark Matheney, Dec 10, 2003.

  1. I want to permit icmp echo requests outbound and echo replies inbound,
    but NOT permit inbound echo requests or their replies ... is this
    possible with Cisco IOS? If so, would you please give an example?
    Mark Matheney, Dec 10, 2003
    1. Advertisements

  2. Mark Matheney

    KR Guest

    Adding the following line to an access-list will block echo requests:

    access-list 123 deny icmp any any echo

    And this will do the same for echo replies:

    access-list 123 deny icmp any any echo-reply

    You need to make two access lists, and then bind them to the relevant
    interfaces (with the access-group command). Remember that access lists
    have an implicit "deny all" at the bottom.
    KR, Dec 10, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.