Ping Troubleshooting on Cisco IOS

Hello Attila

If you take a look at the “Access-list command” section of the following Cisco documentation, you will see that ICMP responds with an “administratively prohibited unreachable” response from ICMP.

The “administratively prohibited unreachable” message that appears in the syslog that comes from an ICMP response is due to the use of an ACL. Take a look to see if you can modify your approach to incorporate this and detect blockage from ACLs.

In addition, take a look at this list of error indications for ping that is listed in Wikipedia. There you can see there are a few other error codes, like A, Z, and X, that indicate the “administratively” prohibited idea. I’m not sure under what operating system you would see these, but it doesn’t seem that Cisco has these. Even so, looking at the debugs allows you to see them and use them in your troubleshooting scenarios.

Concerning your other scenario, I am having trouble understanding the troubleshooting process. In any case, you suggest creating a loopback interface on router B with the same IP address as host A. Regardless of what that may achieve, this is problematic because you now have two destinations using the same IP address, and you would have to adjust routing so that any ICMP responses to host A (or the loopback masquerading as host A) need to go back to the loopback and not the real host A. This just adds too many additional changes to the topology that can be the cause of future failures…

Hopefully, the administratively prohibited unreachable message should resolve your issue so you won’t have to go to such lengths for troubleshooting.

I hope this has been helpful!

Laz

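An added example, not part of the reply above: one way to detect ACL blockage from the ICMP response itself is to parse the Destination Unreachable message and check for the administratively prohibited codes (type 3, codes 9, 10 and 13 per RFC 1122 and RFC 1812). The function names and the sample packet, which uses documentation addresses, are constructed for illustration.

```python
import socket
import struct

# ICMP Destination Unreachable (type 3) codes that report a filtering decision
# rather than a routing failure (RFC 1122, RFC 1812).
ADMIN_PROHIBITED = {
    9: "destination network administratively prohibited",
    10: "destination host administratively prohibited",
    13: "communication administratively prohibited",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_unreachable(icmp: bytes):
    """icmp starts at the ICMP header. Returns the blocked probe's details, or None."""
    if len(icmp) < 8 + 20:
        return None  # too short for ICMP header plus quoted IPv4 header
    if icmp[0] != 3 or icmp[1] not in ADMIN_PROHIBITED:
        return None  # some other ICMP message, e.g. plain host unreachable
    if inet_checksum(icmp) != 0:
        return None  # a valid message checksums to zero
    inner = icmp[8:]  # quoted header of the datagram that was dropped
    if inner[0] >> 4 != 4:
        return None
    return {
        "reason": ADMIN_PROHIBITED[icmp[1]],
        "probe_src": socket.inet_ntoa(inner[12:16]),
        "probe_dst": socket.inet_ntoa(inner[16:20]),
        "probe_proto": inner[9],  # 1 = ICMP, 6 = TCP, 17 = UDP
    }

def build_sample(code: int) -> bytes:
    """Constructed sample quoting an echo request 192.0.2.10 -> 198.51.100.20."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 1, 0,  # inner checksum left 0
                           socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    inner_icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    body = struct.pack("!BBHI", 3, code, 0, 0) + inner_ip + inner_icmp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(classify_unreachable(build_sample(13)))
```

The quoted inner header is what ties the rejection back to a specific probe, so the same check works for TCP and UDP probes as well as ping.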