
CCNA ROUTING AND SWITCHING LAB GUIDE

LAB 41: HOW TO BLOCK ICMP ECHO AND ECHO-REQUEST

ICMP is a network layer protocol (ICMP has its own protocol number in the header, IP protocol
number 1). It does not rely on TCP or UDP.

An ICMP Echo is simply called a 'ping'. The Echo Reply is the 'ping reply'. ICMP Echoes are used for
network troubleshooting.

ICMP traffic is critical network traffic, but it can also cause security issues if used against your
network by a malicious attacker.

GW and ISP Router: Interface Configuration

Router#conf t
Router(config)#hostname GW
GW(config)#interface fastEthernet 0/0
GW(config-if)#ip address 103.13.148.1 255.255.255.240
GW(config-if)#no shutdown
GW(config-if)#exit
GW(config)#interface fastEthernet 0/1
GW(config-if)#ip address 172.16.10.1 255.255.255.0
GW(config-if)#no shutdown
GW(config-if)#exit

ISP#conf t
ISP(config)#interface fastEthernet 0/0
ISP(config-if)#ip address 103.13.148.2 255.255.255.240
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface fastEthernet 0/1
ISP(config-if)#ip address 100.100.100.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit

Configure Static default route to Internet and Static route to Local LAN

GW(config)#ip route 0.0.0.0 0.0.0.0 103.13.148.2

ISP(config)#ip route 172.16.10.0 255.255.255.0 103.13.148.1

Assign IP to Server PC (LAN Host)

Assign IP to Outside Host PC1


Ping our local LAN server from the outside host

We do not want this, so we have to block ICMP echo replies sent from the inside LAN to outside hosts

GW(config)#ip access-list extended inside-in
GW(config-ext-nacl)#deny icmp any any echo-reply
GW(config-ext-nacl)#permit ip any any
GW(config-ext-nacl)#exit

Also block ICMP echo request from outside to inside LAN

GW(config)#ip access-list extended outside-in
GW(config-ext-nacl)#deny icmp any any echo
GW(config-ext-nacl)#permit ip any any
GW(config-ext-nacl)#exit

Apply these ACLs inbound on both interfaces

GW(config)#interface fastEthernet 0/1
GW(config-if)#ip access-group inside-in in
GW(config-if)#exit
GW(config)#interface fastEthernet 0/0
GW(config-if)#ip access-group outside-in in
GW(config-if)#end


Verification

Now ping the inside server (172.16.10.2) from the outside host

Other services, such as the web service, are still permitted because we have not blocked them; only
ICMP echo-reply is blocked.
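
The following Python sketch is an added example, not part of the original lab: it models first-match evaluation of the inside-in and outside-in ACLs as bound on GW, over constructed packets, to show which flows pass. The function names and the interface-to-ACL table are assumptions made for the illustration.

```python
# Added example: first-match evaluation of the lab's two inbound ACLs on GW.
# All packets are constructed for illustration; names here are hypothetical.
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

# Each entry: (action, protocol, icmp message or None). Source/destination
# are "any any" in every entry of the lab, so addresses are not modelled.
ACLS = {
    "inside-in":  [("deny", "icmp", "echo-reply"), ("permit", "ip", None)],
    "outside-in": [("deny", "icmp", "echo"),       ("permit", "ip", None)],
}
# Inbound ACL bound to each GW interface (ip access-group <name> in).
INBOUND = {"fa0/1": "inside-in", "fa0/0": "outside-in"}


def acl_action(acl_name, proto, icmp_type=None):
    """Return 'permit' or 'deny' from the first matching entry."""
    for action, ace_proto, ace_msg in ACLS[acl_name]:
        if ace_proto == "ip":          # 'ip' matches every IP protocol
            return action
        if ace_proto == proto and (
            ace_msg is None or ICMP_TYPES[ace_msg] == icmp_type
        ):
            return action
    return "deny"                      # implicit deny that ends every ACL


def gw_forwards(in_iface, proto, icmp_type=None):
    """True if GW accepts a packet arriving on in_iface."""
    return acl_action(INBOUND[in_iface], proto, icmp_type) == "permit"


def ping_works(src_side):
    """A ping succeeds only if the echo and its echo-reply both pass GW."""
    if src_side == "outside":
        req_if, rep_if = "fa0/0", "fa0/1"
    else:
        req_if, rep_if = "fa0/1", "fa0/0"
    return gw_forwards(req_if, "icmp", 8) and gw_forwards(rep_if, "icmp", 0)


if __name__ == "__main__":
    print("outside -> server ping:", ping_works("outside"))
    print("inside -> outside ping:", ping_works("inside"))
    print("outside -> server HTTP:", gw_forwards("fa0/0", "tcp"))
```

In this model the outside ping is already dropped by outside-in before it reaches the server, so the echo-reply entry in inside-in acts as a second layer, while pings started from the inside LAN still complete.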

ASHISH HALDER
