How exactly do I disable ping on a Cisco 1841?

I am a router newbie who has a Cisco 1841 providing a point-to-point T1 connection to my ISP.  The router in question is failing a security audit because it has ICMP allowed.  It looks to me like ICMP is being denied, but when I try to ping the router I get a response saying "Reply from x.x.x.x: TTL expired in transit."

The portion of my ACL that pertains to ICMP looks like this:

access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny   icmp any any

Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?  I haven't really delved into what the other icmp permits are doing, either.  

Thanks,
Scott
Asked by: corptech

Don Johnston (Instructor) commented:
Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?

No.

The TTL exceeded message is being allowed by the "permit icmp any any time-exceeded" line.

access-list 105 permit icmp any any packet-too-big
! allows the message that it's received a packet that it can't forward because it's too big
access-list 105 permit icmp any any source-quench
! allows the message telling a host that the router can't keep up with what it's receiving
access-list 105 permit icmp any any time-exceeded
! see above
access-list 105 permit icmp any any echo-reply
! allows replies to pings
access-list 105 deny   icmp any any
! stops any icmp messages

Here is a page that has details on ICMP messages.

http://www.softpanorama.org/Net/Internet_layer/icmp.shtml
0
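
An added example (not part of the original answer and not Cisco code): a small Python model of first-match ACL processing, run over the five ICMP entries from the question, showing which entry decides the fate of each ICMP message. The function names are hypothetical, the type/code numbers are the standard ICMP assignments for the IOS keywords used, and the sample packets are constructed.

```python
# Added example: first-match evaluation of the ICMP portion of access-list 105.
ICMP_NAMES = {  # IOS keyword -> (ICMP type, code or None for any code)
    "echo-reply": (0, None),
    "packet-too-big": (3, 4),   # destination unreachable, fragmentation needed
    "source-quench": (4, None),
    "time-exceeded": (11, None),
}

ACL_105 = """\
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny   icmp any any
"""

def parse_acl(text):
    """Return [(action, type, code)] for 'icmp any any [message]' entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "icmp":
            continue  # remarks and non-ICMP entries are outside this sketch
        if tok[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' entries are modelled: " + line)
        icmp_type, code = ICMP_NAMES[tok[6]] if len(tok) > 6 else (None, None)
        entries.append((tok[2], icmp_type, code))
    return entries

def evaluate(entries, icmp_type, code=0):
    """The first matching entry decides; later entries are never consulted."""
    for index, (action, want_type, want_code) in enumerate(entries, start=1):
        if want_type is not None and want_type != icmp_type:
            continue
        if want_code is not None and want_code != code:
            continue
        return action, index
    return "deny", None  # implicit deny at the end of every IOS ACL

if __name__ == "__main__":
    acl = parse_acl(ACL_105)
    samples = [("echo (ping request)", 8, 0), ("echo-reply", 0, 0),
               ("time-exceeded", 11, 0), ("port unreachable", 3, 3),
               ("packet-too-big", 3, 4)]  # constructed sample packets
    for label, t, c in samples:
        action, index = evaluate(acl, t, c)
        print(f"{label:22} type={t:<2} code={c} -> {action} (entry {index})")
```

An echo request (type 8) matches none of the four permit entries and is dropped by the fifth, while time-exceeded (type 11) is permitted by the third entry before the deny is ever reached.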
 
corptech (Author) commented:
perfect donjohnston.  thanks a lot.