corptech
asked on
How exactly do I disable ping on a Cisco 1841?
I am a router newbie who has a Cisco 1841 providing a point-to-point T1 connection to my ISP. The router in question is failing a security audit because it has ICMP allowed. It looks to me like ICMP is being denied, but when I try to ping the router I get a response saying "Reply from x.x.x.x: TTL expired in transit."
The portion of my ACL that pertains to ICMP looks like this:
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny icmp any any
Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'? I haven't really delved into what the other icmp permits are doing, either.
Thanks,
Scott
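How IOS walks these entries, as an added example that is not part of the original post: a small Python model of first-match evaluation for the ICMP entries quoted above. The keyword table uses the standard ICMP type/code numbers, the test packets are constructed, and the model ignores which interface and direction the list is applied to, since the post does not say.

```python
# Added example: first-match evaluation of the ICMP entries of access-list 105.
# IOS ICMP keyword -> (type, code); code None means any code of that type.
ICMP_KEYWORDS = {
    "echo-reply": (0, None),
    "packet-too-big": (3, 4),
    "source-quench": (4, None),
    "echo": (8, None),
    "time-exceeded": (11, None),
}

ACL_105 = """\
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny icmp any any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny icmp any any [keyword]' lines in order."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "access-list" or fields[3] != "icmp":
            continue  # this sketch only models the ICMP entries
        if fields[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' is modelled: " + line)
        keyword = fields[6] if len(fields) > 6 else None
        match = ICMP_KEYWORDS[keyword] if keyword else (None, None)
        entries.append((fields[2], match, line))
    return entries

def evaluate(entries, icmp_type, icmp_code=0):
    """Return (action, matching line); the first matching entry decides."""
    for action, (want_type, want_code), line in entries:
        if want_type is not None and want_type != icmp_type:
            continue
        if want_code is not None and want_code != icmp_code:
            continue
        return action, line
    return "deny", "implicit deny at end of list"

if __name__ == "__main__":
    acl = parse_acl(ACL_105)
    # Constructed test packets: (label, ICMP type, ICMP code)
    for label, t, c in [("echo request", 8, 0), ("echo reply", 0, 0),
                        ("TTL expired in transit", 11, 0),
                        ("fragmentation needed", 3, 4), ("port unreachable", 3, 3)]:
        action, line = evaluate(acl, t, c)
        print(f"{label:24} type {t:2} code {c} -> {action:6} ({line})")
```

The first matching entry decides, so the final deny only catches ICMP messages not named above it: an echo request (type 8) falls through to the deny, while a "TTL expired in transit" message is type 11 and matches the time-exceeded permit.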