How to block ICMP port 512 via ACL?

Is it possible to block Protocal ICMP port 512 with an ACL? If not, how can it be blocked?

Partial ACL listed below, it is applied at the public INT (66.x.66.x) Inbound

R3Gateway#show ip access-lists complete_bogon_v2_5b
Extended IP access list complete_bogon_v2_5b
.
.
.
deny ip 172.16.0.0 0.15.255.255 any (240 matches)
.
.
.
deny ip 192.168.0.0 0.0.255.255 any
permit tcp any any established (142025 matches)
permit udp any eq ntp any (6477 matches)
permit udp any eq domain host 66.x.66.x (2206 matches)
permit udp any host 66.x.66.x eq domain (154 matches)
permit tcp any host 66.x.66.x eq domain (98 matches)
permit tcp any host 66.x.66.x eq www (40 matches)
deny ip any any log-input (4002 matches)

When I do a Show IP NAT translations I get the following output

Pro Inside global      Inside local       Outside local      Outside global
icmp 66.x.66.x:512   172.x.13.x:512   192.168.183.1:512  192.168.183.1:512
icmp 66.x.66.x:512   172.x.13.x:512   192.168.112.1:512  192.168.112.1:512

I would like to block this, but I do not see, or know a way for a specific ICMP port 512.

Is it possible to know if this traffic was initiated from indoe going out, or from outside coming in?

Thanks

orbixAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
The traffic has to be initiated from the inside.
You can block that this way:
   access-list 109 deny icmp any any
   access-list 109 permit ip any any
   
   interface fast 0/0
     ip access-group 109 in

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
orbixAuthor Commented:
I have made those changes, thanks. With regard to appling the ACL IN or OUT. How do you determin what way to apply the ACL?

Is "IN" considered any traffic entering the int from either side, ISP --> Int FA 0/0 <-- Int E 3/2
0
lrmooreCommented:
Apply this "in" on the interface closest to the users.
If users are conected to E 3/2 and FA 0/0 is connection to the ISP, then apply it "in" on the E 3/2 interface.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.