How exactly do I disable ping on a Cisco 1841?

Posted on 2007-11-29
Last Modified: 2013-11-29
I am a router newbie who has a Cisco 1841 providing a point-to-point T1 connection to my ISP.  The router in question is failing a security audit because it has ICMP allowed.  It looks to me like ICMP is being denied, but when I try to ping the router I get a response saying "Reply from x.x.x.x: TTL expired in transit."

The portion of my ACL that pertains to ICMP looks like this:

access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny   icmp any any

Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?  I haven't really delved into what the other icmp permits are doing, either.  

Thanks,
Scott
Question by:corptech
Accepted Solution

by: Don Johnston
Does the 'permit icmp any any echo-reply' override the 'deny icmp any any'?

No.

The TTL exceeded message is being allowed by the "permit icmp any any time-exceeded" line.

access-list 105 permit icmp any any packet-too-big
! allows the message that it's received a packet that it can't forward because it's too big
access-list 105 permit icmp any any source-quench
! allows the message that a host sends when it can't keep up with the traffic it's receiving
access-list 105 permit icmp any any time-exceeded
!see above
access-list 105 permit icmp any any echo-reply
! allows replies to pings
access-list 105 deny   icmp any any
! stops any icmp messages

Here is a page that has details on ICMP messages.

http://www.softpanorama.org/Net/Internet_layer/icmp.shtml
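The first-match behaviour behind the "No" above, as an added example that is not part of the original thread: a small Python model of how IOS walks ACL 105 from the question entry by entry, so you can see which ICMP message each line lets through and confirm that the echo-reply permit never reaches an echo request. The type/code numbers are from the IANA ICMP registry; the parser is an assumption that only covers the `access-list N permit|deny icmp any any [type-name]` form used on this page.

```python
# Added example (not from the thread): a minimal model of Cisco IOS
# extended-ACL first-match evaluation, restricted to the entry form used
# in the question: access-list N permit|deny icmp any any [icmp-type-name]
import re

# Cisco ICMP type keywords -> (type, code); None code means "any code".
# Numbers are from the IANA ICMP registry; this is a subset of IOS keywords.
ICMP_KEYWORDS = {
    "echo": (8, None),            # ping request
    "echo-reply": (0, None),      # ping reply
    "time-exceeded": (11, None),  # "TTL expired in transit"
    "packet-too-big": (3, 4),     # unreachable, fragmentation needed
    "source-quench": (4, None),
    "unreachable": (3, None),
}

# ACL 105 exactly as posted in the question.
ACL_105 = """
access-list 105 permit icmp any any packet-too-big
access-list 105 permit icmp any any source-quench
access-list 105 permit icmp any any time-exceeded
access-list 105 permit icmp any any echo-reply
access-list 105 deny   icmp any any
"""

ACE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+icmp\s+any\s+any(?:\s+([\w-]+))?$"
)

def parse_acl(text):
    """Return the ACEs in order as (action, type, code); unknown lines raise."""
    aces = []
    for raw in text.strip().splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {raw!r}")
        _, action, keyword = m.groups()
        itype, icode = ICMP_KEYWORDS[keyword] if keyword else (None, None)
        aces.append((action, itype, icode))
    return aces

def evaluate(aces, icmp_type, icmp_code=0):
    """IOS semantics: the first matching ACE decides; no match is an implicit deny."""
    for action, itype, icode in aces:
        if (itype is None or itype == icmp_type) and (icode is None or icode == icmp_code):
            return action
    return "deny"

def audit(aces):
    """Verdict for every ICMP keyword the question touches under this ACL."""
    return {name: evaluate(aces, t, 0 if c is None else c)
            for name, (t, c) in ICMP_KEYWORDS.items()}
```

Running `audit(parse_acl(ACL_105))` shows `echo` already denied and `time-exceeded` permitted, which is why reordering the echo-reply line would change nothing for pings.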
Author Closing Comment

by:corptech
perfect donjohnston.  thanks a lot.