Block ICMP request on Cisco 881

hall5942
May 7, 2002
New to Cisco
I'm trying to block the ability for anyone to ping our public IP from outside of the network. Here is my running config for the access list:

access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 deny icmp any any echo log
access-list 100 deny icmp any any redirect log
access-list 100 deny icmp any any mask-request log
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 deny icmp any any 101
access-list 101 deny icmp any any echo log
access-list 101 deny icmp any any redirect log
access-list 101 deny icmp any any mask-request log
no cdp run

Thanks,
 
So which ACL are you applying to your outside interface?

It can't be 100 or 101, since on both you are allowing a 10./24 network IN or OUT depending on how you would apply it, and that can't be your outside interface.

Either way, you want your more specific stuff on top, so deny icmp any any should be on top, then the internal addressing should be denied, so deny ip YOUR_INTERNAL_ADDRESS MASK any, and then your permit statements.




We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
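
The ordering point in the reply above can be checked offline. This is an added example, not code from either poster: a small first-match evaluator run over ACL 101 as posted, where the function names are hypothetical and only the subset of extended ACL syntax used in the thread is parsed.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "redirect": 5, "mask-request": 17}
# ACL 101 as posted in the thread, remark lines left out.
ACL_101 = """\
access-list 101 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 deny icmp any any 101
access-list 101 deny icmp any any echo log
access-list 101 deny icmp any any redirect log
access-list 101 deny icmp any any mask-request log
"""

def _addr(tok):
    """Consume 'any' or '<address> <wildcard>'; return (base, wildcard) ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return tuple(int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))

def parse(text):
    """Turn numbered extended 'access-list' lines into ordered match entries."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[2] == "remark":
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        opts = [x for x in rest if x != "log"]  # what is left: optional ICMP type
        name = opts[0] if opts else None
        icmp_type = ICMP_TYPES.get(name, int(name) if name and name.isdigit() else None)
        entries.append((action, proto, src, dst, icmp_type, line.strip()))
    return entries

def _hit(addr, spec):  # wildcard match: bits set in the mask are ignored
    return (int(ipaddress.IPv4Address(addr)) | spec[1]) == (spec[0] | spec[1])

def evaluate(entries, proto, src, dst, icmp_type=None):
    """Return (action, matching line) using top-down first-match semantics."""
    for action, e_proto, e_src, e_dst, e_type, line in entries:
        if (e_proto in ("ip", proto) and _hit(src, e_src) and _hit(dst, e_dst)
                and e_type in (None, icmp_type)):
            return action, line
    return "deny", "implicit deny"

def icmp_first(entries):
    """Reorder as the reply suggests: ICMP entries above the broader ip entries."""
    return sorted(entries, key=lambda e: e[1] != "icmp")
```

With the posted order, `evaluate(parse(ACL_101), "icmp", "10.0.0.5", "198.51.100.7", 8)` (constructed addresses) is permitted by the `permit ip` entry before the ICMP denies are reached, while the same packet against `icmp_first(...)` hits `deny icmp any any echo`. Non-ICMP traffic from an outside source matches nothing and falls through to the implicit deny, which is why the permit statements still have to follow.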
 