Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disable ping in a router

Status
Not open for further replies.
SimonPeh

SimonPeh

MIS
Sep 11, 2002
96
SG
Hi Guys,

Anybody out there know how to disable ping in a router from an external network but at the same time allow ping in the internal network.

I suppose I need to turn off ICMP protocol in the router.
Can anyone kindly let me know how you do it?

Thank in advance !

Cheers
SP
 
Sort by date Sort by votes
So let me get this straight, you dont want people from the external network to be able to ping your router? Or you dont want people from an external network to ping through your router?

You cant disable ICMP. You can put up an access-list that denies pings entering an interface.
logo-tektips.gif
 
Upvote 0 Downvote
Hi inikis,

I do not want anyone to ping through my router or into my network from an external network.

How do u setup the access-list that denies ping ? Is it the same way for disabling FTP and telnet port 20,21 and 23 ?

Any advice ?

Thanks
 
Upvote 0 Downvote
ok, lets say you dont want ping coming in through serial 0 interface

---------------------------------
acess-list 101 deny icmp any any
access-list 101 permit ip any any
!
interface Serial0
ip access-group 101 in
---------------------------------

Does that make sense? If you post your router config, I can write it specific to your router.
logo-tektips.gif
 
Upvote 0 Downvote
A slight correction.. the above ACL will deny ICMP but send back a message saying it was administratively denied. Which is probably not what you want.

access-list 107 deny icmp any any echo log

This entry will deny the echo back to the pinger. It will appear to be a black hole when the ping is sent :)

There are several options for ICMP when denying the packet.

MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Upvote 0 Downvote
The above example would also have the drawback of preventing anyone inside your network from pinging to the outside world. The ICMP Echo Replies would get killed coming into s0. There are also other useful ICMP functions besides ping that would be lost.
 
Upvote 0 Downvote
Thank you guys for all the great help and tips.

Your help are appreciated.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jobsp90
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
243
DavetheChef
DavetheChef
CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
347
CPM86
CPM86
B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
216
badwolf1686
B
jarod_paris
  • Locked
  • Question
firmware for an AP2800 WiFi terminal
Replies
0
Views
432
jarod_paris
jarod_paris
PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
479
nt8d09
nt8d09

Part and Inventory Search

Sponsor

Back
Top