With the following configuration I expected the router to filter the ICMP
time to live response from R2 to R3, but the access-list is not matching
the ICMP packets.
Any thoughts?
Router 2
interface loop 0
ip ad 2.2.2.2 255.255.255.255
!
interface Serial0.23 point-to-point
ip address 192.168.23.1 255.255.255.0
ip access-group 100 out
no ip route-cache
frame-relay interface-dlci 123
!
access-list 100 deny icmp any any
!
end
R2#show access-lists 100
Extended IP access list 100
deny icmp any any (0 matches)
R2#
7w1d: IP: s=192.168.23.2 (Serial0.23), d=2.2.2.2, len 28, rcvd 0
7w1d: UDP src=36435, dst=33434
7w1d: IP: s=192.168.23.1 (local), d=192.168.23.2 (Serial0.23), len 56,
sending
7w1d: ICMP type=3, code=3
7w1d: IP: s=192.168.23.2 (Serial0.23), d=2.2.2.2, len 28, rcvd 0
7w1d: UDP src=38762, dst=33435
7w1d: IP: s=192.168.23.2 (Serial0.23), d=2.2.2.2, len 28, rcvd 0
7w1d: UDP src=33158, dst=33436
7w1d: IP: s=192.168.23.1 (local), d=192.168.23.2 (Serial0.23), len 56,
sending
7w1d: ICMP type=3, code=3
Router 1
R3#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
1 192.168.23.1 4 msec * 4 msec
R3#
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61705&t=61705
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
