I am trying to ping a host, let's say 10.1.1.1, from 20.1.1.1.
I have created the ACL:
R1(config)#access-list 1 deny 20.1.1.1
R1(config)#access-list 1 permit any
R1(config)#int s0/0
R1(config-if)#ip access-group 1 in
Never mind the configuration, I can deny the host 20.1.1.1 which tries to access 10.1.1.1.
Now when I try to ping 10.1.1.1 from 20.1.1.1, it returns U.U.U. This means destination host unreachable or it is blocked.
I don't want a malicious person to know that I have used an access-list to block him. I want to change this ICMP Request to be done so that when it throws the error message, it should not return U.U.U. It should read Destination Host Unreachable or anything better than this.
Kindly suggest to me how to do this… Thank you
Best Answer
The only thing you can do is add no ip unreachables to Serial0/0. This would make pings simply time out instead of receiving an ICMP admin prohibited message when packets are denied on the serial interface.

Examples:
The following examples illustrate what happens:
ip unreachables is configured on Gi0/0
no ip unreachables is configured on Gi0/0

With ip unreachables (which is the default) on the interface
On the router with the ACL...
And on the host being blocked...

With no ip unreachables
Adding no ip unreachables on ROUTER2...
Now the pings fail silently...
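
The "ICMP admin prohibited" message mentioned in the answer is an ICMP Destination Unreachable (type 3) with code 13. The following Python is an added example, not part of the original answer: it decodes raw ICMP bytes taken from a capture so you can confirm whether a router still emits that message. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1812
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 3: "port unreachable",
                 13: "communication administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes):
    """Decode one ICMP message; return a dict for type 3, None otherwise."""
    if len(icmp) < 8:
        raise ValueError("shorter than an ICMP header")
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        return None
    inner = icmp[8:]  # IP header of the packet that was dropped
    if len(inner) < 20:
        raise ValueError("embedded IP header truncated")
    return {
        "code": code,
        "reason": UNREACH_CODES.get(code, "other"),
        "reveals_filter": code == 13,  # tells the sender a filter dropped it
        "orig_src": str(ipaddress.IPv4Address(inner[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(inner[16:20])),
    }

def build_sample(code: int) -> bytes:
    """Constructed sample: unreachable for an echo 20.1.1.1 -> 10.1.1.1.
    The embedded IP header checksum is left at 0; it is not verified here."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 255, 1, 0,
                     ipaddress.IPv4Address("20.1.1.1").packed,
                     ipaddress.IPv4Address("10.1.1.1").packed)
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + echo
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

With no ip unreachables on the interface, a capture on the blocked host should contain no message for which reveals_filter is true.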