ICMP Blocking

[RadioX]

I want to block ICMP packets from comming into my network. I have setup an ACL 101 that looks like this

access-list 101 deny icmp any any

when I apply this to the fastethernet interface

ip access-group 101 in

I cannot get out onto the internet anymore

What am I doing wrong. Could someone show me a sample config

Thanks
Ron

 

[BOJIKA]

access-list 101 deny icmp any any
access-list 101 permit ip any any

 

[sobak]

When you apply an access-list to an interface there is an implied deny ip any any at the end. Even though you don't see it entered in, it is how the ACL is coded. Bojika is correct, adding the Permit IP any any will block ICMP but allow all other traffic in. ACL's are executed from the top down so if you need to block any other traffic or protocol, you need to place it in the ACL prior to Permit IP any any. When doing ACL's I usually place the Deny statement (deny ip any any) so I know where my ACL ends.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*