How exactly do I disable ping on a Cisco 1841?

I am a router newbie who has a Cisco 1841 providing a point-to-point T1 connection to my ISP.  The router in question is failing a security audit because it has ICMP allowed.  It looks to me like ICMP is being denied, but when I try to ping the router I get a response saying "Reply from x.x.x.x: TTL expired in transit."

The portion of my ACL that pertains to ICMP looks like this:

access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny   icmp any any

Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?  I haven't really delved into what the other icmp permits are doing, either.  

Thanks,
Scott
LVL 2
corptechAsked:
Who is Participating?
 
Don JohnstonConnect With a Mentor InstructorCommented:
Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?

No.

The TTL exceeded message is being allowed by the "permit icmp any any time-exceeded" line.

access-list 105 permit icmp any any packet-too-big
! allows the message that it's received a packet that it can't forward because it's too big
access-list 105 permit icmp any any source-quench
! allows the message that a host that the router can't keep up with the it's receiving
access-list 105 permit icmp any any time-exceeded
!see above
access-list 105 permit icmp any any echo-reply
! allows replies to pings
access-list 105 deny   icmp any any
! stops any icmp messages

Here a page that has details on ICMP messages.

http://www.softpanorama.org/Net/Internet_layer/icmp.shtml
0
 
corptechAuthor Commented:
perfect donjohnston.  thanks a lot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.