The Cisco "deny" ACL seems to quietly drop TCP/IP packets. Is it possible for it to send either ICMP responses or TCP RST's in response to a denied request?
Cisco ACL – Blocking Connections with ICMP or RST
aclcisco
aclcisco
The Cisco "deny" ACL seems to quietly drop TCP/IP packets. Is it possible for it to send either ICMP responses or TCP RST's in response to a denied request?
Best Answer
Short answer: no. Cisco IP Access Lists can only "permit" or "deny" (drop) packets.
Edit: I stand corrected. Configuring IP Unreachables on the interface results in an ICMP-unreachable message when the packet is dropped.