Some issues with blocking and allowing ping
Jeroen1000
Member Posts: 15
in CCNA & CCENT
Hi you all,
I've been thinking about this and I've tried several things, so I suppose I have too little knowledge to get this one right.
I've got 3 subnets; for each subnet there is one router controlling the ways in (and out).
In subnet A there is a management PC that is allowed to ping every PC in any subnet. In subnet B there are 2 PCs. The router that "controls" this subnet has on its fa0/0 interface an access list that denies all traffic (fa0/0, in direction). The PCs in that subnet (subnet B) cannot (and may not) reach any other PC in any of the other subnets.
However, the PCs in subnet B should be able to respond to a ping from the management PC in subnet A. Since an access list is blocking the ping reply from the PCs in subnet B, the management PC does not know whether the ping was successful.
In short: from subnet B only ping replies to one specific PC in subnet A are allowed. Subnet B PCs are not allowed to ping other subnets; they may only reply to a ping from a specific PC.
Could anyone please tell me whether this is possible? (And kindly tell how.)
Many, many thanks,
PS: I can allow all pinging activity from the management PC to subnet B PCs (and vice versa), but unfortunately subnet B PCs can then ping back, and I have to try to prevent them from being able to do that...
Jeroen
Comments
gojericho0
Member Posts: 1,059
Check out the ping section on the link. Let me know if this is what you are looking for.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#icmp
Jeroen1000
Member Posts: 15
gojericho0 wrote:
> Check out the ping section on the link. Let me know if this is what you are looking for.
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#icmp
Yes, thank you, that is it. Unfortunately Packet Tracer won't accept
"access-list 102 permit icmp any any echo-reply".
It's the echo-reply part it doesn't like.
I'm guessing this is a Packet Tracer limitation. I'm going to check in the CCNA course whether there are alternate solutions!
Edit: Yep, it works in Boson NetSim. Thank you for the very good hint.
kind regards,
Jeroen
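The ACL line from the thread (`access-list 102 permit icmp any any echo-reply`) lets every host behind the interface send echo replies to every destination. The original question was narrower: only replies, and only to the one management PC. Below is an added Cisco IOS configuration example for subnet B's router that expresses exactly that; it is not from the thread or from the linked Cisco document. The addresses (management PC 10.0.1.10, subnet B 10.0.2.0/24), the ACL name SUBNET-B-IN and the interface name are assumptions chosen for illustration; the thread gives none of them.

```cisco
! Assumed addressing, not from the thread:
!   management PC in subnet A : 10.0.1.10
!   subnet B (behind fa0/0)   : 10.0.2.0/24
ip access-list extended SUBNET-B-IN
 remark Subnet B hosts may only answer pings from the management PC
 permit icmp 10.0.2.0 0.0.0.255 host 10.0.1.10 echo-reply
 remark Explicitly block pings originated inside subnet B, with logging
 deny   icmp 10.0.2.0 0.0.0.255 any echo log
 remark Everything else from subnet B is dropped (same as the implicit deny, but logged)
 deny   ip any any log
!
interface FastEthernet0/0
 description Link to subnet B
 ip access-group SUBNET-B-IN in
```

The ACL is applied inbound on fa0/0, the direction the original post says is being filtered, so it only sees traffic leaving subnet B; echo requests from the management PC travel outbound through fa0/0 and are not examined by it. Because the single permit matches on the ICMP type (echo-reply) and the destination host, a subnet B PC that tries to ping anything hits the `deny ... echo` line instead. To check the result after applying it: ping a subnet B host from the management PC (should succeed), ping the management PC from a subnet B host (should fail), then run `show access-lists SUBNET-B-IN` and confirm the hit counters moved on the permit line for the first test and on the deny line for the second. The `log` keywords are optional; they make the denied attempts visible in the router log, which is useful when verifying the policy.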