Issue modifying access-list on PIX 515E

Mar 26th, 2007

I have an access list that blocks the first part of a network outbound. This should block networks 1 thru 31. I am trying to replicate this line for an additional network but receive the message

ERROR: IP address,mask <172.17.0.0,255.240.0.0> doesn't pair

Here is the command that I am using:

access-list in-in line 6 extended deny ip any 172.17.0.0 255.240.0.0

Is there something that I am missing? The rule that I am trying to match is

access-list in-in line 5 extended deny ip any 172.16.0.0 255.240.0.0

Ideas??

cpembleton Mon, 03/26/2007 - 09:06

The 172.17.0.0 255.240.0.0 is part of the 172.16.0.0 255.240.0.0 subnet.

172.16.0.0 /12 = 172.16.0.0 - 172.31.255.255

You would be blocking the same part of the network. What networks are you trying to block?

Thanks,

Chad
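
Added example (not part of the original thread): a Python check that reproduces the address/mask pairing test behind the error above and reports whether a proposed entry is already covered by an existing one. The function names and the `existing` list are assumptions made for illustration.

```python
import ipaddress

def check_acl_pair(address: str, mask: str) -> dict:
    """Test whether address/mask 'pair', i.e. the address has no bits
    set outside the mask, and report the range the mask really covers."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    # A subnet mask must be contiguous ones followed by zeros.
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    network = addr & m  # what the address would be with host bits cleared
    net = ipaddress.IPv4Network((network, bin(m).count("1")))
    return {
        "pairs": addr == network,
        "network": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
    }

def covered_by(candidate: str, existing: list) -> list:
    """Return the existing networks that already contain the candidate."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return [e for e in existing
            if cand.subnet_of(ipaddress.ip_network(e, strict=False))]

if __name__ == "__main__":
    # Entries taken from the thread: line 5 (accepted) and line 6 (rejected).
    for a, m in [("172.16.0.0", "255.240.0.0"), ("172.17.0.0", "255.240.0.0")]:
        print(a, m, check_acl_pair(a, m))
    # Constructed input: the rejected entry against the rule already in place.
    print(covered_by("172.17.0.0/255.240.0.0", ["172.16.0.0/255.240.0.0"]))
```

With a 255.240.0.0 mask, 172.17.0.0 normalises to 172.16.0.0/12, so the second entry is both mis-paired and redundant with line 5.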
