cisco 2610


Deleted member 58846


Does anyone here know how to block ICMP pings from outside an ADSL setup (Cisco 2610)...

I try ...... access-list 101 deny icmp any any redirect

I apply it to an interface but it then kicks me off the inside network for some reason. Any ideas?

Also, which interface do I apply it to? Thanks
 
Outside interface in (inbound) is where you apply it. (I think it's interface atm 0/(whatever it's been assigned))

Also an access-list has an implicit deny at the end so you need at least 1 permit statement or you're just blocking everything

Sorry I'm not familiar with router stuff yet, so can't be of too much help
 
Wyvern971 said:
Outside interface in (inbound) is where you apply it. (I think it's interface atm 0/(whatever it's been assigned))

Also an access-list has an implicit deny at the end so you need at least 1 permit statement or you're just blocking everything

Sorry I'm not familiar with router stuff yet, so can't be of too much help

Yeah, the interface I apply it to is Dialer0 (my dial interface for my ADSL WIC). I'm stumped myself on how to stop external ICMP. Thanks, I'll keep searching unless someone replies here. I'm sure a guru will come find it since it's got Cisco 2610 in my post :o
 
zen62619 said:
Yeah, the interface I apply it to is Dialer0 (my dial interface for my ADSL WIC). I'm stumped myself on how to stop external ICMP. Thanks, I'll keep searching unless someone replies here. I'm sure a guru will come find it since it's got Cisco 2610 in my post :o

access-list 101 deny icmp any any
access-list 101 permit ip any any

Apply that inbound to your dialer interface and it will definitely block ping.


The fact that you had redirect specified in your original ACL wouldn't really apply, as redirect is only one type of ICMP packet out of many. If you want to block pinging and ICMP crap from the internet, I suggest you block ICMP on the whole, which will include echo request and echo reply (basic ping). Also remember that as soon as you create an ACL there is an invisible implicit "deny any any" which comes into effect unless you negate it with a "permit any any" at the end of the ACL. Hence why in your first attempt you kicked yourself off altogether and stopped all traffic :)
 
V-Spec said:
access-list 101 deny icmp any any
access-list 101 permit ip any any

Apply that inbound to your dialer interface and it will definitely block ping.


The fact that you had redirect specified in your original ACL wouldn't really apply, as redirect is only one type of ICMP packet out of many. If you want to block pinging and ICMP crap from the internet, I suggest you block ICMP on the whole, which will include echo request and echo reply (basic ping). Also remember that as soon as you create an ACL there is an invisible implicit "deny any any" which comes into effect unless you negate it with a "permit any any" at the end of the ACL. Hence why in your first attempt you kicked yourself off altogether and stopped all traffic :)

Thanks, works a bomb. Yeah, I forgot the hidden ACL. Thanks :)
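
The first-match and implicit-deny behaviour discussed in this thread, as an added example that is not part of any original post: a simplified Python model (not router code) that evaluates the first post's ACL and the two-line ACL from the answer against constructed inbound packets. The function names and packet fields are assumptions of this sketch, and only protocol and ICMP type are modelled.

```python
# Simplified model of IOS extended-ACL matching (added example, not router code).
# Only protocol and ICMP type are modelled; the thread's ACLs use "any any".
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "redirect": 5, "echo": 8}

def parse_acl(text):
    """Parse lines such as 'access-list 101 deny icmp any any redirect'."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) not in (6, 7) or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny") or proto not in ("ip", "icmp", "tcp", "udp"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        icmp_type = None
        if len(tok) == 7:
            if proto != "icmp" or tok[6] not in ICMP_TYPES:
                raise ValueError(f"unsupported ICMP qualifier: {line!r}")
            icmp_type = ICMP_TYPES[tok[6]]
        entries.append((action, proto, icmp_type))
    return entries

def evaluate(entries, packet):
    """First matching entry wins; no match falls through to the implicit deny."""
    for number, (action, proto, icmp_type) in enumerate(entries, start=1):
        if proto not in ("ip", packet["proto"]):
            continue
        if icmp_type is not None and packet.get("icmp_type") != icmp_type:
            continue
        return f"{action} (entry {number})"
    return "deny (implicit)"

# Constructed sample packets arriving inbound on the outside interface.
PACKETS = {
    "ping from internet": {"proto": "icmp", "icmp_type": 8},
    "icmp redirect": {"proto": "icmp", "icmp_type": 5},
    "icmp unreachable": {"proto": "icmp", "icmp_type": 3},  # also carries "fragmentation needed"
    "web reply": {"proto": "tcp"},
    "dns reply": {"proto": "udp"},
}
ORIGINAL_ACL = "access-list 101 deny icmp any any redirect"
FIXED_ACL = "access-list 101 deny icmp any any\naccess-list 101 permit ip any any"

def verdicts(acl_text):
    entries = parse_acl(acl_text)
    return {name: evaluate(entries, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(label, verdicts(acl))
```

With the original ACL the echo request never matches the redirect entry; it is dropped by the implicit deny along with the TCP and UDP return traffic. With the two-line ACL every ICMP type is dropped by entry 1, including unreachables, and everything else is permitted by entry 2.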
 