I am a router newbie who has a Cisco 1841 providing a point-to-point T1 connection to my ISP. The router in question is failing a security audit because it has ICMP allowed. It looks to me like ICMP is being denied, but when I try to ping the router I get a response saying "Reply from x.x.x.x: TTL expired in transit."
The portion of my ACL that pertains to ICMP looks like this:
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny icmp any any
Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'? I haven't really delved into what the other ICMP permits are doing, either.
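An added example, not part of the original post: a small Python model of how IOS walks the ICMP entries of access-list 105 top-down, stopping at the first matching line and applying the implicit deny if nothing matches. The keyword-to-type/code table and the function names are constructed for this sketch, and it says nothing about which interface or direction the list is applied to.

```python
# ICMP keyword -> (type, code); a code of None matches every code of that type.
ICMP_KEYWORDS = {
    "echo-reply": (0, None),
    "packet-too-big": (3, 4),      # destination unreachable, fragmentation needed
    "source-quench": (4, None),
    "echo": (8, None),
    "time-exceeded": (11, None),
}

# The five entries quoted in the post.
ACL_105 = """\
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny icmp any any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny icmp any any [keyword]' lines only."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        tok = line.split()
        ok = (len(tok) in (6, 7) and tok[0] == "access-list"
              and tok[2] in ("permit", "deny") and tok[3:6] == ["icmp", "any", "any"])
        if not ok:
            raise ValueError("unsupported entry: " + line)
        match = ICMP_KEYWORDS[tok[6]] if len(tok) == 7 else None  # None = all ICMP
        entries.append((tok[2], match, line))
    return entries

def evaluate(entries, icmp_type, icmp_code=0):
    """Return (action, matching line); the first matching entry decides."""
    for action, match, line in entries:
        if match is None or (match[0] == icmp_type and match[1] in (None, icmp_code)):
            return action, line
    return "deny", "(implicit deny at end of list)"

def main():
    entries = parse_acl(ACL_105)
    # Constructed sample messages: (description, ICMP type, ICMP code).
    samples = [("echo request", 8, 0), ("echo reply", 0, 0), ("time exceeded", 11, 0),
               ("host unreachable", 3, 1), ("fragmentation needed", 3, 4)]
    for name, icmp_type, icmp_code in samples:
        action, line = evaluate(entries, icmp_type, icmp_code)
        print(f"{name:22} type {icmp_type:2} code {icmp_code} -> {action:6} by: {line}")

if __name__ == "__main__":
    main()
```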