So I have IN and OUT ACLs on the WAN interface of a Cisco ASR.
I want to allow an IP from the internet to ping and traceroute to an IP inside my network (public IP, no NAT).
Will the below configuration work?
Internet to my network:
permit icmp host A host B echo
Network to Internet:
permit icmp host B host A
When I checked in the router, it does not allow me to set something like
permit icmp host A echo-reply host B
but it allows
permit icmp host A host B echo-reply
Will this allow the reply back for the ping from A to B?
Can I just use the icmp command? I just don't want to use echo-reply, time-exceeded, unreachable, etc.