Issue modifying access-list on PIX 515E

Unanswered Question
Mar 26th, 2007
User Badges:

I have an access list that blocks the first part of a network outbound. This should block networks 1 thru 31. I am trying to replicate this line for an additional network but receive the message


ERROR: IP address,mask <172.17.0.0,255.240.0.0> doesn't pair


Here is the command that I am using :


access-list in-in line 6 extended deny ip any 172.17.0.0 255.240.0.0


Is there something that I am missing? The rule that I am tryig to match is


access-list in-in line 5 extended deny ip any 172.16.0.0 255.240.0.0


Ideas??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cpembleton Mon, 03/26/2007 - 09:06
User Badges:
  • Silver, 250 points or more

The 172.17.0.0 255.240.0.0 is part of the 172.16.0.0 255.240.0.0 subnet.


172.16.0.0 /12 = 172.16.0.0 - 172.31.255.255


You would be blocking the same part of the network. What networks are you trying to block?


Thanks,

Chad



Actions

This Discussion