[c-nsp] VPN blocked from access list
Paul Stewart
pauls at nexicom.net
Mon Aug 23 20:35:51 EDT 2004
Below is part of an access list we have implemented at a cable modem
POP. Works great along with blocking Windows ports and crap. :)

The problem is that since I implemented this access list, our cable
techs cannot access our VPN.

Is what I did below just wrong OR is it just missing some permit
statements for other ICMP types that I missed?

Thanks,
Paul

access-list 100 remark Specifically block ICMP fragments
access-list 100 deny icmp any any fragments
access-list 100 remark Permit inbound ping.
access-list 100 permit icmp any any echo
access-list 100 remark Permit inbound ping response.
access-list 100 permit icmp any any echo-reply
access-list 100 remark Permit Path MTU to function.
access-list 100 permit icmp any any packet-too-big
access-list 100 remark Permit time exceeded messages for traceroute and loops.
access-list 100 permit icmp any any time-exceeded
access-list 100 remark And explicitly block all other ICMP packets
access-list 100 deny icmp any any
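
The excerpt above, walked entry by entry with first-match semantics, as an added example that is not part of the original message. The packets are constructed samples, the helper names are hypothetical, and because only part of access-list 100 is shown, traffic that matches none of these lines is reported as `no-match` rather than as a verdict.

```python
# Added example (not from the post). IOS ICMP keyword -> (type, code); None = any code.
ICMP_KEYWORDS = {"echo": (8, None), "echo-reply": (0, None),
                 "packet-too-big": (3, 4), "time-exceeded": (11, None)}

ACL_100 = """\
access-list 100 deny icmp any any fragments
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any time-exceeded
access-list 100 deny icmp any any
"""

def parse(text):
    """Parse 'access-list N <action> <proto> any any [qualifier]'; other forms are skipped."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[2] != "remark" and f[4:6] == ["any", "any"]:
            entries.append((f[2], f[3], f[6] if len(f) > 6 else None, line))
    return entries

def evaluate(entries, pkt):
    """Return (action, line) of the first matching entry, else ('no-match', None)."""
    for action, proto, qual, line in entries:
        if qual == "fragments":
            hit = pkt.get("frag_offset", 0) > 0    # non-initial fragments only
        elif qual is None:
            hit = True                             # any packet of this protocol
        else:
            t, c = ICMP_KEYWORDS[qual]
            hit = pkt.get("type") == t and c in (None, pkt.get("code"))
        if hit and proto == pkt["proto"]:
            return action, line
    return "no-match", None    # left to lines not shown, or the implicit deny

SAMPLES = {  # constructed packets, not captured traffic
    "frag-needed (PMTUD)": {"proto": "icmp", "type": 3, "code": 4},
    "port unreachable": {"proto": "icmp", "type": 3, "code": 3},
    "later ICMP fragment": {"proto": "icmp", "frag_offset": 185},
    "GRE": {"proto": "gre"},
    "ESP": {"proto": "esp"},
}

def verdicts():
    return {n: evaluate(parse(ACL_100), p)[0] for n, p in SAMPLES.items()}

if __name__ == "__main__":
    print(verdicts())
```

Within these lines every ICMP message other than the four permitted types is dropped, including destination-unreachable codes other than fragmentation-needed; whether GRE, ESP or other VPN traffic passes is decided by the part of access-list 100 that is not shown.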