[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

how to block one way ping?

HI,

i want an acl that do this "i can ping nd get reply from 192.168.1.2 but 192.168.1.2 cant ping me he doesnt get reply" so i applied this on my e0/1 inbound     e0/1 ip is 192.168.1.1  
                           10 deny icmp host 192.168.1.2 host 192.168.1.1 echo-reply (9 matches
                          20 permit icmp any any echo-reply


now 192.168.1.2 cant ping 192.168.1.1 it sees destiation host unreachable but its also blocking 192.168.1.1 to ping or get reply from 192.168.1.2 this what i dont want.

when i apply outbound nothing works!!

Thanks
0
dontdig
Asked:
dontdig
  • 2
1 Solution
 
Istvan KalmarCommented:
could you show us the config?

0
 
Don JohnstonInstructorCommented:
So you want 1.1 to be able to ping 1.2 but you don't want 1.2 to be able to ping 1.1?

If so:

access-list 101 deny icmp host 192.168.1.2 host 192.168.1.1 eq echo request
access-list 101 permit ip any any
int e0/1
 ip access-group 101 in

Open in new window

0
 
dontdigAuthor Commented:
sorry for delay reply

after putting eq echo    there is no option like "request" my router is version is  C7200-ADVENTERPRISEK9-M), Version 12.4(15)T9,
0
 
Don JohnstonInstructorCommented:
Sorry. My bad.

The line should be:

 access-list 101 deny icmp host 192.168.1.2 host 192.168.1.1 echo
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now